CVE-2024-29967

Published: Apr 19, 2024Modified: Feb 4, 2025

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 0.8 / Impact: 5.2

Source: NVD

Description

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.

Affected (1)

Products: Broadcom: Brocade Sannav

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Broadcom Brocade Sannav	Before 2.3.0a

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://support.broadcom.com/external/content/SecurityAdvisories/0/23254

Source: sirt@brocade.com

Vendor Advisory

https://support.broadcom.com/external/content/SecurityAdvisories/0/23254

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.