CVE-2024-10405— Weak TLS Ciphers on Brocade SANnav port 443 & 18082
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-10405
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak TLS Ciphers on Brocade SANnav port 443 & 18082
Source: NVD (National Vulnerability Database)
Vulnerability Description
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Source: NVD (National Vulnerability Database)
Vulnerability Title
Broadcom SANnav 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Broadcom SANnav是美国博通(Broadcom)公司的一套SAN管理平台。 Broadcom SANnav存在安全漏洞,该漏洞源于在443和18082端口上启用了弱TLS密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Brocade | Brocade SANnav | Brocade SANnav before 2.3.1b | - |
II. Public POCs for CVE-2024-10405
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-10405
请登录查看更多情报信息。
Same Patch Batch · Brocade · 2025-02-14 · 6 CVEs total
| CVE-2024-10404 | 5.5 MEDIUM | Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave |
| CVE-2025-1053 | Brocade SANnav encryption key is logged in the debug logs | |
| CVE-2024-2240 | Docker implementation in Brocade SANnav is missing Audit Rules. | |
| CVE-2024-4282 | Weak TLS Ciphers on Brocade SANnav OVA SSH port 22 | |
| CVE-2024-5462 | Brocade Fabric OS may capture SNMP Passwords in clear text |
IV. Related Vulnerabilities
Same product: Brocade SANnav
- CVE-2025-6392
Daily Data Dump Collector logs database password in cleartex - CVE-2025-6390
Cleartext storage of sensitive information in Brocade SANnav - CVE-2025-4662
Plaintext security passwords are logged in the audit logs wh - CVE-2024-4282
Weak TLS Ciphers on Brocade SANnav OVA SSH port 22 - CVE-2024-2240
Docker implementation in Brocade SANnav is missing Audit Rul
Same vendor: Brocade
- CVE-2026-0869
Application User custom defined accounts are not properly pa - CVE-2025-58381
Directory transversal vulnerability in Brocade Fabric OS bef - CVE-2025-9711
Privilege escalation in Brocade Fabric OS before 9.2.1c3, an - CVE-2025-58380
Directory transversal vulnerability in Brocade Fabric OS bef - CVE-2026-0383
Information disclosure in Brocade Fabric OS before 9.2.1c2,
Same weakness: CWE-327
- CVE-2026-6411
MAXHUB Pivot Client Application Use of a Broken or Risky Cry - CVE-2026-44405
Paramiko 加密问题漏洞 - CVE-2026-32959
Silex SD-330AC和Silex AMC Manager 安全漏洞 - CVE-2026-5588
PKIX draft CompositeVerifier accepts empty signature sequenc - CVE-2025-14813
GOSTCTR implementation unable to process more than 255 block
V. Comments for CVE-2024-10405
No comments yet