SB2024042321 - Multiple vulnerabilities in Brocade SANnav
Published: April 23, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2024-29958)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to printing the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. A remote attacker can gain unauthorized access to sensitive information on the system.
2) Information disclosure (CVE-ID: CVE-2024-29955)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the insertion of sensitive information into Brocade SANnav Log File. A local user can gain unauthorized access to sensitive information on the system.
3) Security features bypass (CVE-ID: CVE-2024-29950)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to weak encryption within the class FileTransfer. A remote attacker can perform a man-in-the-middle (MitM) attack and obtain sensitive information.
4) Cleartext storage of sensitive information (CVE-ID: CVE-2024-29952)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to plaintext passwords storage in logs. A remote attacker can gain unauthorized access to sensitive information on the system.
5) Security features bypass (CVE-ID: CVE-2024-29951)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to weak encryption in internal SSH ports. An authenticated attacker on the local network can gain access to sensitive information on the system.
6) Security features bypass (CVE-ID: CVE-2024-29967)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to an error related to Docker instances inside the appliance having insecure mount points allowing reading and wring access to files. A local administrator can gain read and write access to these files.
7) Information disclosure (CVE-ID: CVE-2024-29966)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to hard-coded credentials in the documentation that appear as the appliance's root password. A remote attacker can gain unauthorized access to sensitive information on the system.
8) Cleartext storage of sensitive information (CVE-ID: CVE-2024-29956)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to cleartext password in supportsave logs. A remote user can gain unauthorized access to sensitive information on the system.
9) Information disclosure (CVE-ID: CVE-2024-29968)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when instances are configured in disaster recovery mode. A remote user can gain unauthorized access to sensitive information on the system.
10) Information disclosure (CVE-ID: CVE-2024-29965)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the backups from the appliance from the web interface or the command line interface ("SSH") are world-readable. A remote user can gain unauthorized access to sensitive information on the system.
11) Information disclosure (CVE-ID: CVE-2024-29961)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component and perform a supply-chain attack against a Brocade SANnav appliance.
12) Information disclosure (CVE-ID: CVE-2024-29964)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to the docker instances have an insecure architecture and configuration. A remote administrator can gain unauthorized access to sensitive information on the system.
13) Improper Certificate Validation (CVE-ID: CVE-2024-29963)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected product contains hardcoded keys used by Docker to reach remote registries over TLS. A remote attacker can perform a man-in-the-middle (MitM) attack.
14) Information disclosure (CVE-ID: CVE-2024-29960)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to hardcoded and identical SSH keys inside the OVA image. A remote attacker can gain unauthorized access to sensitive information on the system.
15) Information disclosure (CVE-ID: CVE-2024-29962)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to insecure file permission setting that makes files world-readable. A local user can gain unauthorized access to sensitive information on the system.
16) Information disclosure (CVE-ID: CVE-2024-29959)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can print Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save.
17) Information disclosure (CVE-ID: CVE-2024-29957)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the encryption key is stored in the DR log files. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.
References
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23242
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23239
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23236
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23238
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23237
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23254
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23255
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23240
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23253
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23250
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23246
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23249
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23247
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23244
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23248
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23243
- https://support.broadcom.com/external/content/SecurityAdvisories/0/23241