CVE-2024-10404

Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave

Description

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

INFO

Published Date :

2025-02-14T03:13:19.662Z

Last Modified :

2025-02-14T15:46:28.704Z

Source :

brocade

AFFECTED PRODUCTS

The following products are affected by CVE-2024-10404 vulnerability.

Vendors	Products
Broadcom	Brocade Sannav

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10404.

URL	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact