CVE-2024-29953 - Vulnerability Details - OpenCVE

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

OR	cpe:2.3:o:broadcom:fabric_operating_system::::::::
	cpe:2.3:o:broadcom:fabric_operating_system::::::::

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20240822-0009/
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227

History

Tue, 04 Feb 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom fabric Operating System
CPEs		cpe:2.3:o:broadcom:fabric_operating_system::::::::
Vendors & Products		Broadcom Broadcom fabric Operating System

Thu, 22 Aug 2024 19:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240822-0009/

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2024-06-25T23:16:48.169Z

Updated: 2024-08-22T18:03:11.060Z

Reserved: 2024-03-22T05:00:09.537Z

Link: CVE-2024-29953

Vulnrichment

Updated: 2024-08-22T18:03:11.060Z

NVD

Status : Analyzed

Published: 2024-06-26T00:15:10.030

Modified: 2025-02-04T15:19:11.473

Link: CVE-2024-29953

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29953", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2024-03-22T05:00:09.537Z", "datePublished": "2024-06-25T23:16:48.169Z", "dateUpdated": "2024-08-22T18:03:11.060Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Fabric OS", "vendor": "Brocade", "versions": [{"status": "affected", "version": "before v9.2.1, v9.2.0b, and v9.1.1d"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. </span><br><span style=\"background-color: rgb(255, 255, 255);\">This could allow an authenticated user to view other users' session encoded passwords.</span>\n\n"}], "value": "A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. \nThis could allow an authenticated user to view other users' session encoded passwords."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-06-25T23:16:48.169Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>The security update is provided in Brocade Fabric OS v9.2.1, v9.2.0b, v9.1.1d</p>"}], "value": "The security update is provided in Brocade Fabric OS v9.2.1, v9.2.0b, v9.1.1d"}], "source": {"discovery": "INTERNAL"}, "title": "Encoded session passwords on session storage for Virtual Fabric platforms", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T23:39:35.142531Z", "id": "CVE-2024-29953", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T23:39:40.986Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240822-0009/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-22T18:03:11.060Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240822-0009/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-22T18:03:11.060Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29953", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T23:39:35.142531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T23:39:38.549Z"}}], "cna": {"title": "Encoded session passwords on session storage for Virtual Fabric platforms", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brocade", "product": "Fabric OS", "versions": [{"status": "affected", "version": "before v9.2.1, v9.2.0b, and v9.1.1d"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "The security update is provided in Brocade Fabric OS v9.2.1, v9.2.0b, v9.1.1d", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>The security update is provided in Brocade Fabric OS v9.2.1, v9.2.0b, v9.1.1d</p>", "base64": false}]}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. \nThis could allow an authenticated user to view other users' session encoded passwords.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. </span><br><span style=\"background-color: rgb(255, 255, 255);\">This could allow an authenticated user to view other users' session encoded passwords.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-06-25T23:16:48.169Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29953", "state": "PUBLISHED", "dateUpdated": "2024-08-22T18:03:11.060Z", "dateReserved": "2024-03-22T05:00:09.537Z", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "datePublished": "2024-06-25T23:16:48.169Z", "assignerShortName": "brocade"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB2D3825-6F9A-4150-BE38-9EA750E889FF", "versionEndExcluding": "9.1.1d", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "64256C4C-AF75-4D8F-80C3-E4EF4AC0CC8E", "versionEndExcluding": "9.2.0b", "versionStartIncluding": "9.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. \nThis could allow an authenticated user to view other users' session encoded passwords."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web en Brocade Fabric OS anterior a v9.2.1, v9.2.0b y v9.1.1d imprime contrase\u00f1as de sesi\u00f3n codificadas en el almacenamiento de sesiones para plataformas Virtual Fabric. Esto podr\u00eda permitir que un usuario autenticado vea las contrase\u00f1as codificadas de sesi\u00f3n de otros usuarios."}], "id": "CVE-2024-29953", "lastModified": "2025-02-04T15:19:11.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "sirt@brocade.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-26T00:15:10.030", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240822-0009/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "sirt@brocade.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}]}