Strix
26.1K

CVE-2024-10404

MEDIUMCVSS 4.4/10EPSS 0.10%

Last modified

CVE-2024-10404 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. EPSS estimates a 0.10% chance of exploitation in the next 30 days.

Description

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

Metrics

CVSS 3.1
4.4/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.10%

1.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
BroadcomBrocade Sannav< 2.3.1b

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-10404?
CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952
How severe is CVE-2024-10404?
CVE-2024-10404 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.10% probability of exploitation in the next 30 days.
How do I fix CVE-2024-10404?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-10404?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST