CVE-2024-10403

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

Published: Nov 21, 2024
Updated: May 4, 2025
CVE: CVE-2024-10403
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
broadcom / fabric_operating_system	-	9.2.0c1
broadcom / fabric_operating_system	9.2.1	9.2.1a1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25145

Vulnerability Database

289,871

CVE-2024-10403