CVE-2024-29960

EPSS 0.12%
Published 19.04.2024 04:15:10
Last modified 04.02.2025 15:53:21
Source sirt@brocade.com
Teams watchlist Login
Open Login

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Broadcom ≫ Brocade Sannav Version < 2.3.0a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.323

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
sirt@brocade.com	6.8	0.9	5.9	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://support.broadcom.com/external/content/SecurityAdvisories/0/23244

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29960

EUVD