Insufficient Session ID Randomness in Brocade SANnav
CVE-2019-16205

8.8HIGH

Key Information:

Vendor: Brocade Communications Systems, Inc.
Status: Brocade Sannav
Vendor: CVE Published:; 8 November 2019

What is CVE-2019-16205?

A vulnerability exists in Brocade SANnav that enables remote attackers to potentially brute-force valid session IDs. This issue arises from the use of insufficiently random session IDs for multiple post-authentication actions within the SANnav portal. The vulnerability creates an opportunity for unauthorized access, making it crucial for users to upgrade to the latest version for enhanced security.

Affected Version(s)

Brocade SANnav versions before v2.0

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2019
Vulnerability Reserved
Sep 10, 2019

Brocade Communications Systems, Inc.

What is CVE-2019-16205?

Affected Version(s)

References

CVSS V3.1

Timeline