CVE-2024-29954

Опубликовано: 26 июн. 2024

Источник: nvd

CVSS3: 5.9

CVSS3: 5.5

EPSS Низкий

Описание

Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

Версия до 8.2.3e (исключая)

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

Версия от 9.0.1 (включая) до 9.1.1d (исключая)

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

Версия от 9.2.0 (включая) до 9.2.0b (исключая)

EPSS

Процентиль: 17%

0.00054

Низкий

5.9 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-312

CWE-532

Связанные уязвимости

GHSA-4j3p-3m7m-jgp4

CVSS3: 5.9

github

больше 1 года назад

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.

EPSS

Процентиль: 17%

0.00054

Низкий

5.9 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-312

CWE-532