exploitDog

CVE-2024-29961

Опубликовано: 19 апр. 2024

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

Ссылки

https://support.broadcom.com/external/content/SecurityAdvisories/0/23246
Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

Версия до 2.3.0a (исключая)

EPSS

Процентиль: 79%

0.01239

Низкий

8.2 High

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-59h2-5xw9-v6wf

CVSS3: 8.2

github

почти 2 года назад

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

EPSS

Процентиль: 79%

0.01239

Низкий

8.2 High

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo