CVE-2024-29961

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246

Configurations

No configuration.

History

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23246 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23246 -

19 Apr 2024, 13:10

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad afecta a Brocade SANnav anterior a v2.3.1 y v2.3.0a. Permite que un servicio Brocade SANnav envíe comandos de ping en segundo plano a intervalos regulares a gridgain.com para verificar si hay actualizaciones disponibles para el Componente. Esto podría hacer que un atacante remoto no autenticado se dé cuenta del comportamiento y lance un ataque a la cadena de suministro contra un dispositivo Brocade SANnav.

19 Apr 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-19 04:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-29961

Mitre link : CVE-2024-29961

CVE.ORG link : CVE-2024-29961

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

8.2 /10