Brocade Sannav
CVE-2024-2859
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
AnalysisAI
By default, SANnav OVA is shipped with root user login enabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. Affected products include: Broadcom Brocade Sannav.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
More in Brocade Sannav
View allRADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. Rated critical severity (CVSS 9.8), this vulnerabi
Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appl
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. Rated high severity (CVSS 8.6), this vulnera
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID.
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obt
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the B
Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. Rated high severity (CVSS 8
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. Rated high severity (CVSS 8.2), this vulnerability is
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today