Brocade SANnav Log File Vulnerability Exposes Fabric OS Switch Passwords and Authorization IDs
CVE-2022-43935

4.4MEDIUM

Key Information:

Vendor: Brocade
Status: Sannav
Vendor: CVE Published:; 21 November 2024

What is CVE-2022-43935?

A significant vulnerability in Brocade SANnav allows unauthorized access to sensitive information through log file outputs. Specifically, the flaw arises from the inclusion of Brocade Fabric OS Switch passwords and authorization IDs within the embedded MLS DB file. This exposure poses risks for organizations utilizing Brocade SANnav, as it could facilitate unauthorized access to critical systems. Ensuring that systems are updated to Brocade SANnav version 2.2.2 or later mitigates this risk.

Affected Version(s)

SANnav before Brocade SANnav 2.2.2

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Oct 26, 2022