CVE-2024-5460

HIGH

Brocade Fabric OS < 9.0.0 - Authenticated Data Exposure via SNMP Default Community String

Title source: llm

Description

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.

References (1)

Core 1

Core References

Vendor Advisory

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409

Scores

CVSS v3 8.1

EPSS 0.0049

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

broadcom/fabric_operating_system < 9.0.0

Published Jun 26, 2024

Tracked Since Feb 18, 2026