CVE-2024-10404

{"id": "CVE-2024-10404", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2025-02-14T04:15:07.857", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "CalInvocationHandler in Brocade \nSANnav before 2.3.1b logs sensitive information in clear text. The \nvulnerability could allow an authenticated, local attacker to view \nBrocade Fabric OS switch sensitive information in clear text. An \nattacker with administrative privileges could retrieve sensitive \ninformation including passwords; SNMP responses that contain AuthSecret \nand PrivSecret after collecting a \u201csupportsave\u201d or getting access to an \nalready collected \u201csupportsave\u201d. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952"}, {"lang": "es", "value": "CalInvocationHandler en Brocade SANnav anterior a la versi\u00f3n 2.3.1b registra informaci\u00f3n confidencial en texto plano. La vulnerabilidad podr\u00eda permitir que un atacante local autenticado vea informaci\u00f3n confidencial del conmutador Brocade Fabric OS en texto plano. Un atacante con privilegios administrativos podr\u00eda recuperar informaci\u00f3n confidencial, incluidas contrase\u00f1as, respuestas SNMP que contengan AuthSecret y PrivSecret despu\u00e9s de recopilar un \u201csupportsave\u201d o de obtener acceso a un \u201csupportsave\u201d ya recopilado. NOTA: este problema existe debido a una correcci\u00f3n incompleta de CVE-2024-29952"}], "lastModified": "2025-08-26T20:02:17.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A37BDB-A4C0-4964-A7F8-1F2F9F827AF7", "versionEndExcluding": "2.3.1b"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}