Log File Vulnerability in Brocade SANnav Exposes Configuration Secrets
CVE-2022-43933
4.4MEDIUM
Key Information:
- Vendor
- Brocade
- Status
- Sannav
- Vendor
- CVE Published:
- 21 November 2024
Summary
An information exposure vulnerability exists in Brocade SANnav prior to version 2.2.2, where sensitive configuration secrets may be inadvertently recorded in log files generated during troubleshooting procedures. The supportsave file, created by an administrative user, can contain critical information such as usernames, passwords, and secret keys. This unintended logging poses a significant security risk, potentially allowing unauthorized access to sensitive data.
Affected Version(s)
SANnav before Brocade SANnav 2.2.2
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved