Exposure of Core Dump File to an Unauthorized Control Sphere

CVE-2024-10403

Medium

5.9/10

Summary

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-528 - Exposure of Core Dump File to an Unauthorized Control Sphere

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

References

Advisory Timeline

Published Nov 21, 2024

Exposure of Core Dump File to an Unauthorized Control Sphere

CVE-2024-10403

Summary

CWE-528 - Exposure of Core Dump File to an Unauthorized Control Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS