Information disclosure in Broadcom Brocade_sannav
CVE-2024-29957
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encrypt…
EPSS: 0.003 (21.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Broadcom Brocade_sannav
- Brocade Sannav — versions before v2.3.1 and v2.3.0a
Weakness classification (CWE)
References
- sirt@brocade.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-29957?
- CVE-2024-29957 is a high-severity vulnerability in Broadcom Brocade_sannav, classified under Insertion of Sensitive Information into Log File. CVSS score: 7.5/10. Published 2024-04-19.
- How severe is CVE-2024-29957?
- High severity. CVSS v3 base score is 7.5 out of 10.