CVE-2022-28161

Published: May 9, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

Affected (1)

Products: Brocade: Sannav

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Brocade Sannav	Before 2.2.0

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1840

Source: sirt@brocade.com

Vendor Advisory

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1840

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.