Hard-coded credential in the documentation that appears as the root password (CVE-2024-29966).

Brocade SANnav


23255

30 April 2024

17 April 2024

CLOSED

HIGH

7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2024-29966

Brocade Security Advisory ID

BSA-2024-2569

Component

hard-coded credential

 

 

Summary

Brocade SANnav OVA provides a Linux root account for use during the initial installation and management of the SANnav product. The default password for the root account is documented in the SANnav installation guide. This could allow an unauthenticated attacker full access to a Brocade SANnav OVA if the root password is not changed from default by the Admin after installing the SANnav product.

Products Affected

Brocade SANnav before v2.3.0a

Solution

The security update provided in Brocade SANnav v2.3.1, v2.3.0a, and later releases forces the user to change the root password after first login.
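One way to audit an already-deployed appliance for the condition described in the Summary, as an added example that is not part of Brocade's advisory or tooling: it classifies root's entry in standard Linux shadow(5) format by comparing the last-change day with the day the OVA was deployed. The function name, the operator-supplied deployment day, and the sample entries are assumptions; whether SANnav enforces its first-login change through the `lastchg = 0` mechanism is also an assumption.

```shell
#!/bin/sh
# Added example (not Brocade code): classify root's password state from one
# shadow(5) line: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is the day number (days since 1970-01-01) of the last change.
# deploy_day is operator-supplied (assumption: taken from change records),
# e.g. with GNU date: $(( $(date -d 2024-03-01 +%s) / 86400 ))

classify_root_entry() {
    cre_entry=$1
    cre_deploy_day=$2
    IFS=: read -r cre_name cre_hash cre_lastchg cre_rest <<EOF
$cre_entry
EOF
    [ "$cre_name" = "root" ] || { echo "not-root"; return 0; }
    case "$cre_hash" in
        '!'*|'*'*) echo "locked"; return 0 ;;          # password login disabled
        '')        echo "empty-password"; return 0 ;;  # no password at all
    esac
    case "$cre_lastchg" in
        '')       echo "unknown-age"; return 0 ;;      # aging data not recorded
        *[!0-9]*) echo "malformed"; return 0 ;;
        0)        echo "change-forced"; return 0 ;;    # must change at next login
    esac
    if [ "$cre_lastchg" -le "$cre_deploy_day" ]; then
        echo "unchanged-since-deploy"                  # not changed after deployment
    else
        echo "changed-after-deploy"
    fi
}

# Constructed sample entries (hashes are placeholders, not real values).
DEPLOY_DAY=19800
for sample in \
    'root:$6$PLACEHOLDER$hash:19700:0:99999:7:::' \
    'root:$6$PLACEHOLDER$hash:0:0:99999:7:::' \
    'root:$6$PLACEHOLDER$hash:19850:0:99999:7:::'
do
    printf '%s -> %s\n' "$sample" "$(classify_root_entry "$sample" "$DEPLOY_DAY")"
done
# On the appliance itself (needs root):
#   classify_root_entry "$(getent shadow root)" "$DEPLOY_DAY"
```

An `unchanged-since-deploy` result means the root password has not been changed since the image was deployed and should be rotated.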

Credit

Pierre Barre reported the issue to Brocade.

Revision History

| Version | Change | Date |
|---------|--------|------|
| 1.0 | Initial Publication | 4/16/2024 |
| 1.1 | Re-worded summary and solution statements to provide more clarity about the issue and the solution | 4/30/2024 |

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.