CVE-2023-31925

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.

Published: Aug 31, 2023
Updated: Sep 6, 2023
CVE: CVE-2023-31925
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
broadcom / brocade_sannav	-	2.2.2a

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506

Vulnerability Database

289,871

CVE-2023-31925