Description
A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-745
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190411-0005/
Various Sources x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-25655
Scores
CVSS v3
7.5
EPSS
0.0052
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
brocade/network_advisor
< 14.0.3
netapp/brocade_network_advisor
Published
Jan 22, 2019
Tracked Since
Feb 18, 2026