CVE-2024-10404— Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave

CVSS 5.5 · Medium EPSS 0.03% · P8 Updated Feb 14, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-10404

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave

Source: NVD (National Vulnerability Database)

Vulnerability Description

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感数据的明文存储

Source: NVD (National Vulnerability Database)

Vulnerability Title

Broadcom SANnav 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Broadcom SANnav是美国博通（Broadcom）公司的一套SAN管理平台。 Broadcom SANnav存在安全漏洞，该漏洞源于CalInvocationHandler以明文形式记录敏感信息。经过身份验证的本地攻击者利用该漏洞可以以明文形式查看Brocade Fabric OS交换机敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Brocade	Brocade SANnav	before 2.3.1b	-

II. Public POCs for CVE-2024-10404

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-10404

请登录查看更多情报信息。

Same Patch Batch · Brocade · 2025-02-14 · 6 CVEs total

CVE-2025-1053		Brocade SANnav encryption key is logged in the debug logs
CVE-2024-2240		Docker implementation in Brocade SANnav is missing Audit Rules.
CVE-2024-10405		Weak TLS Ciphers on Brocade SANnav port 443 & 18082
CVE-2024-4282		Weak TLS Ciphers on Brocade SANnav OVA SSH port 22
CVE-2024-5462		Brocade Fabric OS may capture SNMP Passwords in clear text

IV. Related Vulnerabilities

Same product: Brocade SANnav

Same vendor: Brocade

Same weakness: CWE-312

V. Comments for CVE-2024-10404

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-10404— Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave

I. Basic Information for CVE-2024-10404

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-10404

III. Intelligence Information for CVE-2024-10404

Same Patch Batch · Brocade · 2025-02-14 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-10404

Leave a comment