CVE-2024-29963

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.

CVSS v3 1.9 LOW

1.9^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23247

Configurations

No configuration.

History

26 Apr 2024, 23:15

Type	Values Removed	Values Added
Summary	(en) Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded keys used by Docker to reach remote registries over TLS. TLS connections with an exposed key allow an attacker to MITM the traffic. Note: Brocade SANnav doesn't have access to remote Docker registries.	(en) Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.
CVSS	v2 : ~~unknown~~ v3 : ~~8.6~~	v2 : unknown v3 : 1.9

19 Apr 2024, 13:10

Type	Values Removed	Values Added
Summary		(es) Brocade SANnav OVA anterior a v2.3.1 y v2.3.0a contiene claves codificadas utilizadas por Docker para acceder a registros remotos a través de TLS. Las conexiones TLS con una clave expuesta permiten a un atacante MITM el tráfico. Nota: Brocade SANnav no tiene acceso a registros Docker remotos.

19 Apr 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-19 04:15

Updated : 2024-04-26 23:15

NVD link : CVE-2024-29963

Mitre link : CVE-2024-29963

CVE.ORG link : CVE-2024-29963

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

1.9 /10