Brocade SANnav <=v2.3.1 SHA-1 in internal SSH (CVE-2024-29951)
CVE-2024-29951 Published on April 17, 2024

Brocade SANnav has weak encryption in internal SSH ports
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Inadequate Encryption Strength

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.

Products Associated with CVE-2024-29951

Want to know whenever a new CVE is published for Broadcom Brocade Sannav? stack.watch will email you.

Broadcom Brocade Sannav

Affected Versions

Brocade SANnav:

Version before v2.3.1 and v2.3.0a is affected.

brocade sannav:

Before 2.3.0a is affected.

Exploit Probability

EPSS

0.07%

Percentile

20.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Brocade SANnav <=v2.3.1 SHA-1 in internal SSH (CVE-2024-29951)CVE-2024-29951 Published on April 17, 2024

Vulnerability Analysis

Weakness Type

Inadequate Encryption Strength

Products Associated with CVE-2024-29951

Affected Versions

Exploit Probability

Brocade SANnav <=v2.3.1 SHA-1 in internal SSH (CVE-2024-29951)
CVE-2024-29951 Published on April 17, 2024