CVE-2024-29952: Clear text storage of sensistive information by manipulating command variables
First published: Wed Apr 17 2024(Updated: )
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom SANnav OVA | <2.3.0a | |
| Broadcom SANnav OVA | <2.3.1 | |
| Broadcom SANnav OVA |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-29952?
CVE-2024-29952 is considered a medium severity vulnerability due to the risk of exposing sensitive passwords in unencrypted logs.
How do I fix CVE-2024-29952?
To fix CVE-2024-29952, update Brocade SANnav to version 2.3.1 or later.
Who is affected by CVE-2024-29952?
CVE-2024-29952 affects all versions of Brocade SANnav before 2.3.1 and 2.3.0a.
What kind of information is exposed due to CVE-2024-29952?
CVE-2024-29952 can expose Auth, Priv, and SSL key store passwords in unencrypted logs.
Can CVE-2024-29952 be exploited remotely?
CVE-2024-29952 requires an authenticated user to exploit the vulnerability, meaning remote exploitation is not possible without valid credentials.
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/broadcom
- canonical/broadcom sannav ova
- vendor/brocade