Brocade SANnav Clear Text Sensitive Information Logging Vulnerability

Vulnerability

A vulnerability exists in Brocade SANnav versions prior to 2.3.1b, where the CalInvocationHandler component logs sensitive information in clear text. This issue could enable an authenticated, local attacker to access sensitive data from Brocade Fabric OS switches. Administrators could potentially retrieve passwords and SNMP responses containing AuthSecret and PrivSecret by collecting a 'supportsave' or accessing an already collected 'supportsave'. This vulnerability arises from an incomplete fix for CVE-2024-29952.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including passwords and confidential SNMP data, such as AuthSecret and PrivSecret.

Remediation

Users can upgrade to Brocade SANnav versions 2.4.0 or 2.3.1b to address this vulnerability.
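
After upgrading, already collected 'supportsave' bundles may still hold the logged secrets. The following is an added example, not code from Brocade or from this advisory, that audits an extracted bundle and reports where CalInvocationHandler lines carry password, AuthSecret or PrivSecret fields, without echoing the values, so the affected credentials can be rotated. The key=value / key: "value" log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Component and field names come from the advisory; the log layout is an assumption.
COMPONENT = "CalInvocationHandler"
SECRET_KEYS = ("password", "AuthSecret", "PrivSecret")
PATTERN = re.compile(
    r'(?P<key>' + "|".join(SECRET_KEYS) + r')(?P<sep>"?\s*[:=]\s*"?)(?P<value>[^\s",;}]+)',
    re.IGNORECASE,
)

def scan_lines(lines, source="<memory>"):
    """Return one finding per secret-looking field on a CalInvocationHandler line."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        if COMPONENT not in line:
            continue  # only the component named in the advisory is in scope
        for m in PATTERN.finditer(line):
            # Record where the value is and how long it is, never the value itself.
            findings.append({"source": source, "line": lineno,
                             "key": m.group("key"), "length": len(m.group("value"))})
    return findings

def redact(line):
    """Return the line with every matched secret value replaced."""
    return PATTERN.sub(lambda m: m.group("key") + m.group("sep") + "<redacted>", line)

def scan_tree(root):
    """Scan every file under an already extracted supportsave directory."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open(errors="replace") as fh:
                findings.extend(scan_lines(fh, source=str(path)))
    return findings

# Constructed sample lines, not real SANnav output.
SAMPLE = [
    '2025-01-01 10:00:00 DEBUG CalInvocationHandler - request {user=admin, password=Passw0rd!}',
    '2025-01-01 10:00:01 DEBUG CalInvocationHandler - snmp AuthSecret: "authABC123", PrivSecret: "privXYZ789"',
    '2025-01-01 10:00:02 INFO  Scheduler - password policy check completed',
    '2025-01-01 10:00:03 DEBUG CalInvocationHandler - invocation finished in 12 ms',
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE, source="sample"):
        print(f"{f['source']}:{f['line']} {f['key']} ({f['length']} chars)")
```

Any credential reported this way should be treated as exposed to everyone who could read that bundle.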

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.