CVE-2023-31423: Possible information exposure through log file vulnerability
First published: Thu Aug 31 2023(Updated: )
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs.
Credit: sirt@brocade.com sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Brocade Sannav | <2.2.2a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-31423?
CVE-2023-31423 is a vulnerability that allows for possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a.
What is the severity of CVE-2023-31423?
CVE-2023-31423 has a severity rating of 5.7, which is considered medium.
How does CVE-2023-31423 affect Broadcom Brocade SANnav?
CVE-2023-31423 affects versions of Broadcom Brocade SANnav before v2.3.0 and 2.2.2a.
How can an attacker exploit CVE-2023-31423?
An attacker can exploit CVE-2023-31423 by having access to an already collected Brocade SANnav 'supportsave' log.
What is the recommended mitigation for CVE-2023-31423?
To mitigate CVE-2023-31423, it is recommended to update Brocade SANnav to version 2.3.0 or newer.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- vendor/broadcom
- canonical/broadcom brocade sannav