Vulnerability Description
A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brocade | Network Advisor | < 14.0.3 |
| Netapp | Brocade Network Advisor | - |
References
- https://security.netapp.com/advisory/ntap-20190411-0005/Third Party Advisory
- https://support.lenovo.com/us/en/product_security/LEN-25655
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
- https://security.netapp.com/advisory/ntap-20190411-0005/Third Party Advisory
- https://support.lenovo.com/us/en/product_security/LEN-25655
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
FAQ
What is CVE-2018-6445?
CVE-2018-6445 is a vulnerability with a CVSS score of 7.5 (HIGH). A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password o...
How severe is CVE-2018-6445?
CVE-2018-6445 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6445?
Check the references section above for vendor advisories and patch information. Affected products include: Brocade Network Advisor, Netapp Brocade Network Advisor.