CVE-2023-31925

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.
Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:02

Type Values Removed Values Added
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 - Vendor Advisory () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 5.4

05 Sep 2023, 18:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Broadcom brocade Sannav
Broadcom
CWE CWE-312
CPE cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
References (MISC) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 - (MISC) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 - Vendor Advisory

31 Aug 2023, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-31 01:15

Updated : 2024-11-21 08:02


NVD link : CVE-2023-31925

Mitre link : CVE-2023-31925

CVE.ORG link : CVE-2023-31925


JSON object : View

Products Affected

broadcom

  • brocade_sannav
CWE
CWE-312

Cleartext Storage of Sensitive Information