CVE-2024-29961 — HIGH (8.2)

Q: How severe is CVE-2024-29961?

CVE-2024-29961 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-29961?

Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Brocade Sannav.

Vulnerability Description

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Broadcom	Brocade Sannav	< 2.3.0a

Related Weaknesses (CWE)

CWE-200

References

https://support.broadcom.com/external/content/SecurityAdvisories/0/23246Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246Vendor Advisory

FAQ

What is CVE-2024-29961?

CVE-2024-29961 is a vulnerability with a CVSS score of 8.2 (HIGH). A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates ar...

How severe is CVE-2024-29961?

CVE-2024-29961 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-29961?

Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Brocade Sannav.