7.5
CVE-2024-10403
- EPSS 0.16%
- Veröffentlicht 21.11.2024 11:15:16
- Zuletzt bearbeitet 04.02.2025 15:28:04
- Quelle sirt@brocade.com
- CVE-Watchlists
- Unerledigt
LoginSFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Broadcom ≫ Fabric Operating System Version < 9.2.0c1
Broadcom ≫ Fabric Operating System Version >= 9.2.1 < 9.2.1a1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.363 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| sirt@brocade.com | 5.9 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-528 Exposure of Core Dump File to an Unauthorized Control Sphere
The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.