Plaintext Password Exposure in Brocade Fabric OS Vulnerability
CVE-2024-5462

5.3MEDIUM

Key Information:

Vendor: Brocade
Status: Brocade Fabric Os
Vendor: CVE Published:; 15 February 2025

What is CVE-2024-5462?

The vulnerability in Brocade Fabric OS arises from a configuration issue that fails to encrypt SNMP passwords. When encryption settings are not properly enabled, sensitive information, including SNMP privsecret and authsecret fields, can be exposed as plaintext in various captures, such as configupload or supportsave. This exposure can enable attackers to maliciously access or modify supported OIDs via SNMPv3 queries, leading to potential unauthorized modifications and data breaches.

Affected Version(s)

Brocade Fabric OS before Fabric OS 9.2.0

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 15, 2025