CVE-2024-29967

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23254
https://support.broadcom.com/external/content/SecurityAdvisories/0/23254

Configurations

No configuration.

History

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23254 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23254 -

19 Apr 2024, 13:10

Type	Values Removed	Values Added
Summary		(es) En Brocade SANnav anterior a Brocade SANnav v2.31 y v2.3.0a, se observó que las instancias de Docker dentro del dispositivo tenían puntos de montaje inseguros, lo que permitía acceso de lectura y escritura a archivos confidenciales. La vulnerabilidad podría permitir que un usuario con privilegios sudo en el sistema operativo host tenga acceso de lectura y escritura a estos archivos.

19 Apr 2024, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-19 05:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-29967

Mitre link : CVE-2024-29967

CVE.ORG link : CVE-2024-29967

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

4.4 /10