CVE-2022-43933— configuration secrets are logged in support-save
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-43933
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
configuration secrets are logged in support-save
Source: NVD (National Vulnerability Database)
Vulnerability Description
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件和路径信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Broadcom SANnav 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Broadcom SANnav是美国博通(Broadcom)公司的一套SAN管理平台。 Broadcom SANnav 2.2.2之前版本存在安全漏洞,该漏洞源于存在通过日志文件漏洞泄露信息的情况,其中配置机密记录在supportsave中。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-43933
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-43933
请登录查看更多情报信息。
Same Patch Batch · Brocade · 2024-11-21 · 7 CVEs total
| CVE-2022-43936 | 6.8 MEDIUM | Brocade Fabric OS switch passwords when debugging is enabled |
| CVE-2022-43934 | 6.5 MEDIUM | Weak Key-exchange algorithms |
| CVE-2022-43937 | 5.7 MEDIUM | Brocade SANnav Information Disclosure Vulnerability |
| CVE-2022-43935 | 5.3 MEDIUM | Switch passwords and authorization IDs are printed in the embedded MLS DB file |
| CVE-2024-7517 | Privileged escalation via crafted use of portcfg command | |
| CVE-2024-10403 | SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav |
IV. Related Vulnerabilities
Same product: SANnav
- CVE-2025-12774
SQL queries with sensitive information printed in logs with - CVE-2025-12773
Plain password is generated in the audit logs while executin - CVE-2025-12772
Plaintext Switch admin login password is seen in Brocade SAN - CVE-2025-12679
Plain text pbe key visible in audit log during Brocade SANna - CVE-2025-12680
Brocade SANnav DataBase plaintext password is logged in fail
Same vendor: Brocade
- CVE-2026-0869
Application User custom defined accounts are not properly pa - CVE-2025-58381
Directory transversal vulnerability in Brocade Fabric OS bef - CVE-2025-9711
Privilege escalation in Brocade Fabric OS before 9.2.1c3, an - CVE-2025-58380
Directory transversal vulnerability in Brocade Fabric OS bef - CVE-2026-0383
Information disclosure in Brocade Fabric OS before 9.2.1c2,
Same weakness: CWE-538
- CVE-2023-54346
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Data - CVE-2026-7071
CodeAstro Online Job Portal user-cvs file information disclo - CVE-2026-6160
code-projects Simple ChatBox Endpoint chatbox.sql SimpleChat - CVE-2019-25706
Across DR-810 ROM-0 Unauthenticated File Disclosure - CVE-2026-33705
Chamilo LMS has unauthenticated access to Twig template sour
V. Comments for CVE-2022-43933
No comments yet