Brocade SANnav OVA Hard-Coded Credentials Vulnerability
CVE-2024-29966

9.8 CRITICAL

Key Information:

Vendor: Brocade
CVE Published: 19 April 2024

What is CVE-2024-29966?

The vulnerability in Brocade SANnav OVA versions prior to v2.3.1 and v2.3.0a arises from hard-coded credentials listed in the documentation. These credentials, which resemble the appliance's root password, can be used by an unauthenticated attacker to gain complete access to the Brocade SANnav appliance. Organizations should ensure their Brocade SANnav installations are updated and properly configured to prevent unauthorized access.

Affected Version(s)

Brocade SANnav before v2.3.1 and v2.3.0a

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
