CVE-2024-10405 MEDIUM

CVE-2024-10405: Weak TLS Ciphers on Brocade SANnav port 443 & 18082

Vendor Brocade
Product Brocade SANnav
Weakness CWE-327 · Broken crypto
Published February 14, 2025
Last update February 18, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.

Key dates

02Disclosure timeline

February 14, 2025 CVE published
February 18, 2025 Record updated