Lucene search

BrocadeCVELIST:CVE-2024-29953

HistoryJun 25, 2024 - 11:16 p.m.

CVE-2024-29953 Encoded session passwords on session storage for Virtual Fabric platforms

2024-06-2523:16:48

CWE-922

brocade

www.cve.org

web interface

brocade fabric os

vulnerability

encoded session passwords

session storage

virtual fabric platforms

authenticated user

cve-2024-29953

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms.
This could allow an authenticated user to view other users’ session encoded passwords.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Fabric OS",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "before v9.2.1, v9.2.0b, and v9.1.1d"
      }
    ]
  }
]

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-29953