MEDIUM🇵🇱 Wersja polska

CVE-2024-10403

CVSS 5.9v4.0pub. 2024-11-21upd. 2025-02-04

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Broadcom Fabric Operating System

    OS
    Broadcom
    < 9.2.0c19.2.1 – 9.2.1a1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-3596CRITICAL9.0PL ✓ten sam produkt

Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5

CVE-2022-33186CRITICAL9.8ten sam produkt

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could al...

CVE-2021-27797CRITICAL9.8ten sam produkt

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and ...

CVE-2020-15373CRITICAL9.8ten sam produkt

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and...

CVE-2020-15371CRITICAL9.8ten sam produkt

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains c...