CVE-2022-43933: configuration secrets are logged in support-save
First published: Thu Nov 21 2024(Updated: )
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom SANnav OVA | <2.2.2 | |
| Broadcom SANnav OVA | <2.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-43933?
CVE-2022-43933 is categorized as a moderate severity vulnerability due to the potential exposure of sensitive configuration secrets.
How do I fix CVE-2022-43933?
To fix CVE-2022-43933, upgrade to Brocade SANnav version 2.2.2 or later to eliminate the information exposure vulnerability.
What is the impact of CVE-2022-43933?
The impact of CVE-2022-43933 includes unauthorized access to sensitive information such as usernames stored in log files.
Who is affected by CVE-2022-43933?
CVE-2022-43933 affects users of Brocade SANnav versions prior to 2.2.2.
Is there a workaround for CVE-2022-43933?
There are no specific workarounds for CVE-2022-43933 other than applying the recommended software update.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/broadcom
- canonical/broadcom sannav ova
- vendor/brocade