TLS/SSL Weak Message Authentication Code Ciphers Added by Default in Brocade SANnav Upgrade
CVE-2024-29969

7.5HIGH

Key Information:

Vendor: Brocade
Status: Brocade Sannav
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-29969?

A security concern has been identified in Brocade SANnav that arises from upgrading the software from version 2.2.2 to version 2.3.0. The update introduces weak message authentication code (MAC) ciphers for port 18082 by default, which could jeopardize data integrity and authentication processes. Organizations utilizing this software are advised to evaluate their security posture and consider the implications of using weak ciphers in their environment.

Affected Version(s)

Brocade SANnav before v2.3.1, v2.3.0a

References

https://support.broadcom.com/external/content/SecurityAdv...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Mar 22, 2024