CVE-2024-29960

EPSS 0.12%
Veröffentlicht 19.04.2024 04:15:10
Zuletzt bearbeitet 04.02.2025 15:53:21
Quelle sirt@brocade.com
CVE-Watchlists
Login
Unerledigt
Login

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Brocade Sannav Version < 2.3.0a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.323

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
sirt@brocade.com	6.8	0.9	5.9	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://support.broadcom.com/external/content/SecurityAdvisories/0/23244

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29960

EUVD