CVE-2024-29965

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.

Published: Apr 19, 2024
Updated: May 4, 2025
CVE: CVE-2024-29965
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CWEs:

CWE-922

Affected Software
References

Software	From	Fixed in
broadcom / brocade_sannav	-	2.3.0a

https://support.broadcom.com/external/content/SecurityAdvisories/0/23250

Vulnerability Database

289,871

CVE-2024-29965