CVE-2024-29961: supply-chain attack risk
First published: Fri Apr 19 2024(Updated: )
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom SANnav OVA | <2.3.0a | |
| Broadcom SANnav OVA | <2.3.1 | |
| Broadcom SANnav OVA | =2.3.0a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-29961?
CVE-2024-29961 is considered a high severity vulnerability due to the potential for unauthenticated remote attacks.
How do I fix CVE-2024-29961?
To fix CVE-2024-29961, upgrade Brocade SANnav to version 2.3.1 or later.
What versions of Brocade SANnav are affected by CVE-2024-29961?
CVE-2024-29961 affects Brocade SANnav versions prior to 2.3.1 and version 2.3.0a.
Can CVE-2024-29961 be exploited remotely?
Yes, CVE-2024-29961 can be exploited remotely by unauthenticated attackers.
What impact does CVE-2024-29961 have on the system?
CVE-2024-29961 allows attackers to send ping commands to check for updates, which could lead to further exploitation.
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/broadcom
- canonical/broadcom sannav ova
- vendor/brocade