CVE-2024-29964 - Vulnerability Details - OpenCVE

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Broadcom	Brocade Sannav
Brocade	Sannav

Configuration 1 [-]

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249

History

Tue, 04 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom brocade Sannav
CPEs		cpe:2.3:a:broadcom:brocade_sannav::::::::
Vendors & Products		Broadcom Broadcom brocade Sannav

Thu, 19 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Brocade Brocade sannav
CPEs		cpe:2.3:a:brocade:sannav::::::::
Vendors & Products		Brocade Brocade sannav
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 23:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Wed, 18 Sep 2024 22:45:00 +0000

Type	Values Removed	Values Added
Description	Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.	Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
Weaknesses		CWE-732

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2024-04-19T04:39:17.273Z

Updated: 2024-09-18T22:30:38.120Z

Reserved: 2024-03-22T05:23:33.322Z

Link: CVE-2024-29964

Vulnrichment

Updated: 2024-08-02T01:17:58.641Z

NVD

Status : Analyzed

Published: 2024-04-19T05:15:49.217

Modified: 2025-02-04T15:47:25.243

Link: CVE-2024-29964

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29964", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2024-03-22T05:23:33.322Z", "datePublished": "2024-04-19T04:39:17.273Z", "dateUpdated": "2024-09-18T22:30:38.120Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Brocade SANnav", "vendor": "Brocade", "versions": [{"status": "affected", "version": "before v2.3.0a"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.<br>"}], "value": "Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-09-18T22:30:38.120Z"}, "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249"}], "source": {"discovery": "UNKNOWN"}, "title": "Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29964", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-19T14:25:49.281464Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*"], "vendor": "brocade", "product": "sannav", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.0a", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:56:52.541Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.641Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.641Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29964", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-19T14:25:49.281464Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*"], "vendor": "brocade", "product": "sannav", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.0a", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-19T14:23:18.403Z"}}], "cna": {"title": "Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brocade", "product": "Brocade SANnav", "versions": [{"status": "affected", "version": "before v2.3.0a"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.", "supportingMedia": [{"type": "text/html", "value": " Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-09-18T22:30:38.120Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29964", "state": "PUBLISHED", "dateUpdated": "2024-09-18T22:30:38.120Z", "dateReserved": "2024-03-22T05:23:33.322Z", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "datePublished": "2024-04-19T04:39:17.273Z", "assignerShortName": "brocade"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "matchCriteriaId": "303EE152-4CED-4655-B035-CB3B91E5E288", "versionEndExcluding": "2.3.0a", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files."}, {"lang": "es", "value": "Las instancias de Docker en Brocade SANnav anteriores a v2.3.1 y v2.3.0a tienen una arquitectura y configuraci\u00f3n inseguras que generan m\u00faltiples vulnerabilidades. Los demonios de Docker est\u00e1n expuestos a la interfaz WAN y otras vulnerabilidades permiten un control total sobre el dispositivo Ova. Una instancia de Docker podr\u00eda acceder a cualquier otra instancia y algunas podr\u00edan acceder a archivos confidenciales. La vulnerabilidad podr\u00eda permitir que un usuario con privilegios sudo en el sistema operativo subyacente acceda y modifique estos archivos."}], "id": "CVE-2024-29964", "lastModified": "2025-02-04T15:47:25.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "sirt@brocade.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-19T05:15:49.217", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23249"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "sirt@brocade.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}