Weak TLS Ciphers on Brocade SANnav port 443 & 18082. (CVE-2024-10405)
25402
14 February 2025
13 February 2025
CLOSED
MEDIUM
6.9 -- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2024-10405
|
Brocade Security Advisory ID |
BSA-2025-2891 |
|
Component |
encryption |
|
CWE-327 |
Use of a Broken or Risky Cryptographic Algorithm |
|
|
|
Summary
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.
Detail
Brocade SANnav 2.4.0 and 2.3.1b enable support for the following cipher suites:
TLSv1.3:
- TLS13_AES_128_GCM_SHA256
- TLS13_AES_256_GCM_SHA384
- TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
Products Affected
Brocade SANnav before 2.3.1b
Solution
Security update provided in Brocade SANnav 2.4.0, 2.3.1b
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
February 13, 2025 |
|
1.1 |
Added details about information that can be viewed |
February 14, 2025 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.