Skip to main content

Brocade Sannav CVE-2024-2859

HIGH
Incorrect Default Permissions (CWE-276)
2024-04-27 sirt@brocade.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 27, 2024 - 00:15 nvd
HIGH 7.2

DescriptionNVD

By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.

AnalysisAI

By default, SANnav OVA is shipped with root user login enabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. Affected products include: Broadcom Brocade Sannav.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.

CVE-2024-3596 CRITICAL
9.0 Jul 09

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (

CVE-2022-23305 CRITICAL
9.8 Jan 18

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be

CVE-2024-4173 CRITICAL
9.8 Apr 25

A vulnerability in Brocade SANnav exposes Kafka in the wan interface. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2024-29966 CRITICAL
9.8 Apr 19

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appl

CVE-2023-31424 CRITICAL
9.8 Aug 31

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web

CVE-2022-23302 HIGH
8.8 Jan 18

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce

CVE-2024-2240 HIGH
8.6 Feb 14

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. Rated high severity (CVSS 8.6), this vulnera

CVE-2019-16205 HIGH
8.8 Nov 08

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID.

CVE-2025-1053 HIGH
8.6 Feb 14

Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obt

CVE-2024-29959 HIGH
8.6 Apr 19

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the B

CVE-2024-4282 HIGH
8.2 Feb 15

Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. Rated high severity (CVSS 8

CVE-2024-29961 HIGH
8.2 Apr 19

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. Rated high severity (CVSS 8.2), this vulnerability is

Share

CVE-2024-2859 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy