CVE-2024-29954
CVSS V2 None
CVSS V3 None
Description
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.
Detail.
When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.
Overview
- CVE ID
- CVE-2024-29954
- Assigner
- brocade
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-25T23:42:50.227Z
- Last Modified Date
- 2024-06-25T23:42:50.227Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-29954 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29954 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 19:21:45 | Added to TrackCVE |