{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10405","assignerOrgId":"87b297d7-335e-4844-9551-11b97995a791","state":"PUBLISHED","assignerShortName":"brocade","dateReserved":"2024-10-25T23:28:06.111Z","datePublished":"2025-02-14T23:23:18.826Z","dateUpdated":"2025-02-18T16:28:38.800Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Brocade SANnav","vendor":"Brocade","versions":[{"status":"affected","version":"Brocade SANnav before 2.3.1b"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Brocade SANnav before SANnav 2.3.1b \nenables weak TLS ciphers on ports 443 and 18082. In case of a successful\n exploit, an attacker can read Brocade SANnav data stream that includes \nmonitored Brocade Fabric OS switches performance data, port status, \nzoning information, WWNs, IP Addresses, but no customer data, no \npersonal data and no secrets or passwords, as it travels across the \nnetwork.\n\n

"}],"value":"Brocade SANnav before SANnav 2.3.1b \nenables weak TLS ciphers on ports 443 and 18082. In case of a successful\n exploit, an attacker can read Brocade SANnav data stream that includes \nmonitored Brocade Fabric OS switches performance data, port status, \nzoning information, WWNs, IP Addresses, but no customer data, no \npersonal data and no secrets or passwords, as it travels across the \nnetwork."}],"impacts":[{"capecId":"CAPEC-97","descriptions":[{"lang":"en","value":"CAPEC-97: Cryptanalysis"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-327","description":"CWE-327 Use of a Broken or Risky Cryptographic Algorithm","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"87b297d7-335e-4844-9551-11b97995a791","shortName":"brocade","dateUpdated":"2025-02-14T23:23:18.826Z"},"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25402"}],"source":{"discovery":"UNKNOWN"},"title":"Weak TLS Ciphers on Brocade SANnav port 443 & 18082","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-18T16:28:34.712182Z","id":"CVE-2024-10405","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-18T16:28:38.800Z"}}]}}