CVE-2024-4282 - Vulnerability Details

Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00105.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Broadcom Subscribe	Brocade Sannav Subscribe
Brocade Subscribe	Sannav Subscribe

Configuration 1 [-]

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Brocade Subscribe	Sannav Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-32832	Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.broadcom.com/external/content/SecurityAdvisories/0/25400

History

Wed, 27 Aug 2025 04:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom brocade Sannav
CPEs		cpe:2.3:a:broadcom:brocade_sannav::::::::
Vendors & Products		Broadcom Broadcom brocade Sannav
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 14 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00038}`	epss `{'score': 0.00035}`

Wed, 19 Feb 2025 02:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 15 Feb 2025 08:45:00 +0900

Type	Values Removed	Values Added
Description		Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
Title		Weak TLS Ciphers on Brocade SANnav OVA SSH port 22
Weaknesses		CWE-327
References		https://support.broadcom.com/external/content/SecurityAdvisories/0/25400
Metrics		cvssV4_0 `{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2025-02-14T23:33:06.196Z

Updated: 2025-02-18T16:27:47.563Z

Reserved: 2024-04-26T22:37:43.925Z

Link: CVE-2024-4282

Vulnrichment

Updated: 2025-02-18T16:27:05.306Z

NVD

Status : Analyzed

Published: 2025-02-15T00:15:13.370

Modified: 2025-08-26T19:42:18.160

Link: CVE-2024-4282

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T20:23:04Z

Weaknesses

CWE-327

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object