CVE-2024-29964

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29964
 Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

5.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249
Configurations

No configuration.

History

26 Apr 2024, 00:15

Type Values Removed Values Added
Summary (en) Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker instance could access any other instances, and a few could access sensitive files. The vulnerability could allow a sudo privileged user on the underlying OS to access and modify these files. (en)  Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
CVSS v2 : unknown
v3 : 4.9 		v2 : unknown
v3 : 5.7

19 Apr 2024, 13:10

Type Values Removed Values Added
Summary
  • (es) Las instancias de Docker en Brocade SANnav anteriores a v2.3.1 y v2.3.0a tienen una arquitectura y configuración inseguras que generan múltiples vulnerabilidades. Los demonios de Docker están expuestos a la interfaz WAN y otras vulnerabilidades permiten un control total sobre el dispositivo Ova. Una instancia de Docker podría acceder a cualquier otra instancia y algunas podrían acceder a archivos confidenciales. La vulnerabilidad podría permitir que un usuario con privilegios sudo en el sistema operativo subyacente acceda y modifique estos archivos.

19 Apr 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-19 05:15

Updated : 2024-04-26 00:15

NVD link : CVE-2024-29964

Mitre link : CVE-2024-29964

CVE.ORG link : CVE-2024-29964

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor