CVE-2023-31925

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506	Vendor Advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:02

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 - Vendor Advisory~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506 - Vendor Advisory
Summary		(es) Brocade SANnav antes de v2.3.0 y v2.2.2a almacena las contraseñas de autenticación SNMPv3 en texto plano. Un usuario con privilegios podría recuperar estas credenciales con conocimiento y acceso a estos archivos de registro. Las credenciales SNMP podrían verse en SANnav SupportSave si la captura se realiza después de que un fallo de configuración SNMP provoque un volcado de registro de comunicación SNMP.
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 5.4

Information

Published : 2023-08-31 01:15

Updated : 2024-11-21 08:02

NVD link : CVE-2023-31925

Mitre link : CVE-2023-31925

CVE.ORG link : CVE-2023-31925

JSON object : View

Products Affected

broadcom

brocade_sannav

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2023-31925", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-08-31T01:15:08.753", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Brocade\n SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords\n in plaintext. A privileged user could retrieve these credentials with \nknowledge and access to these log files. SNMP \ncredentials could be seen in SANnav SupportSave if the capture is \nperformed after an SNMP configuration failure causes an SNMP \ncommunication log dump.\n\n\n"}, {"lang": "es", "value": "Brocade SANnav antes de v2.3.0 y v2.2.2a almacena las contrase\u00f1as de autenticaci\u00f3n SNMPv3 en texto plano. Un usuario con privilegios podr\u00eda recuperar estas credenciales con conocimiento y acceso a estos archivos de registro. Las credenciales SNMP podr\u00edan verse en SANnav SupportSave si la captura se realiza despu\u00e9s de que un fallo de configuraci\u00f3n SNMP provoque un volcado de registro de comunicaci\u00f3n SNMP. "}], "lastModified": "2024-11-21T08:02:24.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D1A8656-FE4D-44EC-B72F-C15FAF7B465D", "versionEndExcluding": "2.2.2a"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}