Brocade SANnav Vulnerability Could Lead to Supply-Chain Attack
CVE-2024-29961

8.2HIGH

Key Information:

Vendor: Brocade
Status: Brocade Sannav
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-29961?

A vulnerability exists in Brocade SANnav which allows an unauthenticated remote attacker to exploit the service's routine ping commands sent to gridgain.com. This functionality checks for component updates and may expose the system to supply chain risks. Attackers could leverage this behavior to initiate a targeted supply chain attack against Brocade SANnav appliances, potentially compromising the integrity and security of the systems involved.

Affected Version(s)

Brocade SANnav before v2.3.1 and v2.3.0a

References

https://support.broadcom.com/external/content/SecurityAdv...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Mar 22, 2024