CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-26 00:15

Updated : 2024-06-26 12:44

NVD link : CVE-2024-5460

Mitre link : CVE-2024-5460

CVE.ORG link : CVE-2024-5460

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-5460", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-06-26T00:15:11.093", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409", "source": "sirt@brocade.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the default configuration of the Simple Network \nManagement Protocol (SNMP) feature of Brocade Fabric OS versions before \nv9.0.0 could allow an authenticated, remote attacker to read data from \nan affected device via SNMP. The vulnerability is due to hard-coded, \ndefault community string in the configuration file for the SNMP daemon. \nAn attacker could exploit this vulnerability by using the static \ncommunity string in SNMP version 1 queries to an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la configuraci\u00f3n predeterminada de la funci\u00f3n del Protocolo simple de administraci\u00f3n de red (SNMP) de las versiones de Brocade Fabric OS anteriores a v9.0.0 podr\u00eda permitir que un atacante remoto autenticado lea datos de un dispositivo afectado a trav\u00e9s de SNMP. La vulnerabilidad se debe a una cadena de comunidad predeterminada codificada en el archivo de configuraci\u00f3n del demonio SNMP. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando la cadena de comunidad est\u00e1tica en las consultas SNMP versi\u00f3n 1 a un dispositivo afectado."}], "lastModified": "2024-06-26T12:44:29.693", "sourceIdentifier": "sirt@brocade.com"}

8.1 /10