Brocade SANnav SSH Key Reuse Before 2.3.1 MITM on SSH
CVE-2024-29960 Published on April 19, 2024
Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.
Vulnerability Analysis
Weakness Type
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Products Associated with CVE-2024-29960
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-29960 are published in Broadcom Brocade Sannav:
Affected Versions
Brocade SANnav:- Version before v2.3.1 and v2.3.0a is affected.
- Version * is affected.
- Version * is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.