CVE-2024-29964

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29964
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
History

04 Feb 2025, 15:47

Type Values Removed Values Added
CWE CWE-732
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
References () https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 - () https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 - Vendor Advisory
First Time Broadcom
Broadcom brocade Sannav

18 Sep 2024, 23:15

Type Values Removed Values Added
Summary  Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

26 Apr 2024, 00:15

Type Values Removed Values Added
Summary Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker instance could access any other instances, and a few could access sensitive files. The vulnerability could allow a sudo privileged user on the underlying OS to access and modify these files.  Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

19 Apr 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-19 05:15

Updated : 2025-02-04 15:47

NVD link : CVE-2024-29964

Mitre link : CVE-2024-29964

JSON object : View

Products Affected

broadcom

  • brocade_sannav
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource