CVE-2024-29964

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249	Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

04 Feb 2025, 15:47

Type	Values Removed	Values Added
First Time		Broadcom brocade Sannav Broadcom
CPE		cpe:2.3:a:broadcom:brocade_sannav::::::::
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 - Vendor Advisory

Information

Published : 2024-04-19 05:15

Updated : 2025-02-04 15:47

NVD link : CVE-2024-29964

Mitre link : CVE-2024-29964

CVE.ORG link : CVE-2024-29964

JSON object : View

Products Affected

broadcom

brocade_sannav

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2024-29964", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-19T05:15:49.217", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-732"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files."}, {"lang": "es", "value": "Las instancias de Docker en Brocade SANnav anteriores a v2.3.1 y v2.3.0a tienen una arquitectura y configuraci\u00f3n inseguras que generan m\u00faltiples vulnerabilidades. Los demonios de Docker est\u00e1n expuestos a la interfaz WAN y otras vulnerabilidades permiten un control total sobre el dispositivo Ova. Una instancia de Docker podr\u00eda acceder a cualquier otra instancia y algunas podr\u00edan acceder a archivos confidenciales. La vulnerabilidad podr\u00eda permitir que un usuario con privilegios sudo en el sistema operativo subyacente acceda y modifique estos archivos."}], "lastModified": "2025-02-04T15:47:25.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "303EE152-4CED-4655-B035-CB3B91E5E288", "versionEndExcluding": "2.3.0a"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}