CVE-2024-5462 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2024-5462?

CVE-2024-5462 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-5462?

Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Fabric Operating System.

Vulnerability Description

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Broadcom	Fabric Operating System	< 9.2.0

Related Weaknesses (CWE)

CWE-319

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/conVendor Advisory

FAQ

What is CVE-2024-5462?

CVE-2024-5462 is a vulnerability with a CVSS score of 7.5 (HIGH). If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwo...

How severe is CVE-2024-5462?

CVE-2024-5462 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-5462?

Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Fabric Operating System.