Brocade Fabric OS SFTP/FTP Server Password Exposure in Core Dump
CVE-2024-10403 Published on November 21, 2024

SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

NVD

Weakness Type

Exposure of Core Dump File to an Unauthorized Control Sphere

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.


Products Associated with CVE-2024-10403


Affected Versions

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a are affected by CVE-2024-10403.

Exploit Probability

EPSS: 0.11%
Percentile: 29.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.