CVE-2024-4173

A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23285	Not Applicable
https://support.broadcom.com/external/content/SecurityAdvisories/0/23285	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

06 Feb 2025, 17:53

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23285 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23285 - Not Applicable
First Time		Broadcom brocade Sannav Broadcom
CPE		cpe:2.3:a:broadcom:brocade_sannav::::::::
CWE		NVD-CWE-noinfo

Information

Published : 2024-04-25 08:15

Updated : 2025-02-06 17:53

NVD link : CVE-2024-4173

Mitre link : CVE-2024-4173

CVE.ORG link : CVE-2024-4173

JSON object : View

Products Affected

broadcom

brocade_sannav

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-4173", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-04-25T08:15:07.977", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23285", "tags": ["Not Applicable"], "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23285", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nA vulnerability in Brocade SANnav exposes Kafka in the wan interface.\n\nThe vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad en las versiones ova de Brocade SANnav anteriores a Brocade SANnav v2.3.1 y v2.3.0a expone a Kafka en la interfaz wan. La vulnerabilidad podr\u00eda permitir que un atacante no autenticado realice varios ataques, incluido DOS, el dispositivo Brocade SANnav."}], "lastModified": "2025-02-06T17:53:25.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82F550F3-E967-4C24-9EE0-D3E8EA920D1B", "versionEndExcluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}