Web authentication and authorization bypass
CVE-2023-31424

9.8CRITICAL

Key Information:

Vendor: Brocade
Status: Sannav
Vendor: CVE Published:; 31 August 2023

What is CVE-2023-31424?

The Brocade SANnav Web Interface, prior to versions 2.3.0 and 2.2.2a, possesses a vulnerability that allows remote users to bypass web authentication and authorization mechanisms. This flaw can potentially grant unauthorized access to sensitive functionalities within the web interface, highlighting the importance of timely updates and patching to mitigate such risks.

Affected Version(s)

SANnav Brocade SANnav before Brocade SANnav v2.3.0 and v2.2.2a

References

https://support.broadcom.com/web/ecx/support-content-noti...

https://security.netapp.com/advisory/ntap-20240229-0004/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Apr 28, 2023