Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Apr 26, 2024
Supply Chain Attack / Software Security
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules, insecure root access, and Docker misconfigurations to lack of authentication and encryption, thus allowing an attacker to intercept credentials, overwrite arbitrary files, and completely breach the device. Some of the most severe flaws are listed below - CVE-2024-2859 (CVSS score: 8.8) - A vulnerability that could allow an unauthenticated, remote attacker to log in to an affected device using the root account and execute arbitrary commands CVE-2024-29960 (CVSS score: 7.5) - The use of hard-coded SSH keys in the OVA image, which could be exploited by an attacker ...