CVE-2024-4159

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23282

Configurations

No configuration.

History

25 Apr 2024, 23:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 4.3
Summary	(en) Brocade SANnav before Brocade SANnav v2.3.1 lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated, remote attacker to reach Kafka APIs and send malicious data.	(en) Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.

25 Apr 2024, 13:18

Type	Values Removed	Values Added
Summary		(es) Brocade SANnav anterior a Brocade SANnav v2.3.1 carece de mecanismos de protección en los puertos 2377/TCP y 7946/TCP, lo que podría permitir que un atacante remoto no autenticado acceda a las API de Kafka y envíe datos maliciosos.

25 Apr 2024, 06:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-25 06:16

Updated : 2024-04-25 23:15

NVD link : CVE-2024-4159

Mitre link : CVE-2024-4159

CVE.ORG link : CVE-2024-4159

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

4.3 /10