CVE-2024-5462 MEDIUM

CVE-2024-5462: Brocade Fabric OS may capture SNMP Passwords in clear text

Vendor Brocade
Product Brocade Fabric OS
Weakness CWE-319 · Cleartext transmission
Published February 14, 2025
Last update February 18, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

In Brocade Fabric OS versions before Fabric OS 9.2.0, if the configuration settings are not set to encrypt SNMP passwords, the SNMP privsecret / authsecret fields can be exposed in plaintext. With password encryption not enabled, the plaintext passwords can appear in a configupload capture or a supportsave capture. An attacker who obtains these passwords can use them to fetch the values of the supported OIDs via SNMPv3 queries. A limited number of MIB objects can also be modified.

Key dates

02 Disclosure timeline

February 14, 2025 CVE published
February 18, 2025 Record updated