CVE-2024-29961

HIGH

Brocade SANnav <2.3.1-2.3.0a - Info Disclosure

Title source: llm

Description

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

References (1)

Core 1

Core References

Vendor Advisory

https://support.broadcom.com/external/content/SecurityAdvisories/0/23246

Scores

CVSS v3 8.2

EPSS 0.0124

EPSS Percentile 79.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

broadcom/brocade_sannav < 2.3.0a

Published Apr 19, 2024

Tracked Since Feb 18, 2026