CVE-2022-28168

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.netapp.com/advisory/ntap-20220627-0003/	Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:sannav::::::::
	cpe:2.3:a:broadcom:sannav::::::::

History

No history.

Information

Published : 2022-06-27 18:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-28168

Mitre link : CVE-2022-28168

CVE.ORG link : CVE-2022-28168

JSON object : View

Products Affected

broadcom

sannav

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2022-28168", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-06-27T18:15:08.993", "references": [{"url": "https://security.netapp.com/advisory/ntap-20220627-0003/", "tags": ["Third Party Advisory"], "source": "sirt@brocade.com"}, {"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords."}, {"lang": "es", "value": "En Brocade SANnav versiones anteriores a Brocade SANnav versi\u00f3n 2.2.0.2 y Brocade SANnav versi\u00f3n 2.1.1.8, las contrase\u00f1as codificadas del servidor scp son almacenadas usando codificaci\u00f3n Base64, lo que podr\u00eda permitir a un atacante capaz de acceder a los archivos de registro descifrar f\u00e1cilmente las contrase\u00f1as"}], "lastModified": "2022-07-07T18:26:11.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B58BF2-3FAF-4624-85A5-E553C381914D", "versionEndExcluding": "2.1.1.8"}, {"criteria": "cpe:2.3:a:broadcom:sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEF5F841-7F1E-422A-918D-F08C40607A92", "versionEndExcluding": "2.2.0.2", "versionStartIncluding": "2.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}