CVE-2024-29964 - Vulnerability Details

CVE-2024-29964 - Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00224.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Broadcom Subscribe	Brocade Sannav Subscribe
Brocade Subscribe	Sannav Subscribe

Configuration 1 [-]

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-26938	Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249

History

Wed, 05 Feb 2025 01:15:00 +0900

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom brocade Sannav
CPEs		cpe:2.3:a:broadcom:brocade_sannav::::::::
Vendors & Products		Broadcom Broadcom brocade Sannav

Thu, 19 Sep 2024 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Brocade Brocade sannav
CPEs		cpe:2.3:a:brocade:sannav::::::::
Vendors & Products		Brocade Brocade sannav
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 19 Sep 2024 08:45:00 +0900

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 19 Sep 2024 07:45:00 +0900

Type	Values Removed	Values Added
Description	Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.	Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
Weaknesses		CWE-732

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2024-04-19T04:39:17.273Z

Updated: 2024-09-18T22:30:38.120Z

Reserved: 2024-03-22T05:23:33.322Z

Link: CVE-2024-29964

Vulnrichment

Updated: 2024-08-02T01:17:58.641Z

NVD

Status : Analyzed

Published: 2024-04-19T05:15:49.217

Modified: 2025-02-04T15:47:25.243

Link: CVE-2024-29964

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-732

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object