CVE-2024-29964

MEDIUM

Published 2024-04-19T04:39:17.273Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-29964. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

5.7

/10

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.114

Higher than 11.4% of all CVEs

Attack Vector Metrics

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Description

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Brocade

Brocade SANnav

Affected Versions:

before v2.3.0a

brocade

sannav

Affected Versions:

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-p68r-f2j8-7389

Advisory Details

Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker instance could access any other instances, and a few could access sensitive files. The vulnerability could allow a sudo privileged user on the underlying OS to access and modify these files.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-29964

WEB https://support.broadcom.com/external/content/SecurityAdvisories/0/23249

Advisory provided by GitHub Security Advisory Database. Published: April 19, 2024, Modified: April 19, 2024

References

https://support.broadcom.com/external/content/SecurityAdvisories/0/23249

Published: 2024-04-19T04:39:17.273Z

Last Modified: 2024-09-18T22:30:38.120Z

Copied to clipboard!

CVE-2024-29964

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

Brocade SANnav

Affected Versions:

sannav

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!