7.5
CVE-2024-29950
- EPSS 0.31%
- Veröffentlicht 17.04.2024 19:15:07
- Zuletzt bearbeitet 04.02.2025 15:40:21
- Quelle sirt@brocade.com
- CVE-Watchlists
- Unerledigt
Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Broadcom ≫ Brocade Sannav Version < 2.3.0a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.22 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| sirt@brocade.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://support.broadcom.com/external/content/SecurityAdvisories/0/23236