Brocade Fabric OS SNMP Vulnerability Could Allow Remote Access to Sensitive Data
CVE-2024-5460

8.1HIGH

Key Information:

Vendor: Brocade
Status: Fabric Operating System
Vendor: CVE Published:; 26 June 2024

What is CVE-2024-5460?

A vulnerability exists in the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS that affects versions before 9.0.0. Due to a hard-coded default community string in the SNMP daemon's configuration file, an authenticated remote attacker can exploit this vulnerability to read data from vulnerable devices. By leveraging the static community string in SNMP version 1 queries, attackers can gain access to sensitive information, potentially compromising the integrity and confidentiality of network management operations.

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2024