CVE-2024-5462

Severity: 5.3 MEDIUM
EPSS: 0.1% (top 74.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 15

Description

In Brocade Fabric OS before Fabric OS 9.2.0, if the configuration settings are not set to encrypt SNMP passwords, the SNMP privsecret / authsecret fields can be exposed in plaintext. With password encryption not enabled, the plaintext passwords can be exposed in a configupload capture or a supportsave capture. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. A limited number of MIB objects can also be modified.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: brocade/brocade_fabric_os, before Fabric OS 9.2.0

Vulnerability Details (2)

GHSA: GHSA-62m6-f67r-3r6p: If Brocade Fabric OS before Fabric OS 9 (2025-02-15)
CVEList: Brocade Fabric OS may capture SNMP Passwords in clear text (2025-02-14)
CVE-2024-5462 (MEDIUM CVSS 5.3) | If Brocade Fabric OS before Fabric | cvebase.io