CVE-2024-29960

MEDIUM

Brocade SANnav <2.3.1-2.3.0a - MITM

Description

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.

Scores

CVSS v3 6.8
EPSS 0.0012
EPSS Percentile 31.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-798
Status published
Products (1)
broadcom/brocade_sannav < 2.3.0a
Published Apr 19, 2024
Tracked Since Feb 18, 2026