CVE-2024-29950

EPSS 0.18%
Veröffentlicht 17.04.2024 19:15:07
Zuletzt bearbeitet 04.02.2025 15:40:21
Quelle sirt@brocade.com
CVE-Watchlists
Login
Unerledigt
Login

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash.
The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Brocade Sannav Version < 2.3.0a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.393

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
sirt@brocade.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://support.broadcom.com/external/content/SecurityAdvisories/0/23236

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29950

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29950

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29950

EUVD