Brocade SANnav Vulnerability: Encryption Key Stored in DR Log Files
CVE-2024-29957

7.5HIGH

Key Information:

Vendor: Brocade
Status: Brocade Sannav
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-29957?

A security issue has been identified in Brocade SANnav where, under Disaster Recovery mode, encryption keys are improperly stored within the DR log files. This configuration flaw potentially exposes sensitive information, allowing unauthorized access to the encryption key via unprotected log data. This vulnerability underscores the importance of reviewing storage security practices, particularly for configurations relying on disaster recovery protocols, to mitigate the risk of unintended data exposure.

Affected Version(s)

Brocade SANnav before v2.3.1 and v2.3.0a

References

https://support.broadcom.com/external/content/SecurityAdv...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Mar 22, 2024