Severe Flaws Disclosed in Brocade SANnav SAN Management Software

2 weeks ago AndyC

Apr 26, 2024NewsroomSupply Chain Attack / Software Security

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances.

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Apr 26, 2024NewsroomSupply Chain Attack / Software Security

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances.

The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them.

The issues range from incorrect firewall rules, insecure root access, and Docker misconfigurations to lack of authentication and encryption, thus allowing an attacker to intercept credentials, overwrite arbitrary files, and completely breach the device.

Cybersecurity

Some of the most severe flaws are listed below –

  • CVE-2024-2859 (CVSS score: 8.8) – A vulnerability that could allow an unauthenticated, remote attacker to log in to an affected device using the root account and execute arbitrary commands
  • CVE-2024-29960 (CVSS score: 7.5) – The use of hard-coded SSH keys in the OVA image, which could be exploited by an attacker to decrypt the SSH traffic to the SANnav appliance and compromise it.
  • CVE-2024-29961 (CVSS score: 8.2) – A vulnerability that can allow an unauthenticated, remote attacker to stage a supply chain attack by taking advantage of the fact the SANnav service sends ping commands in the background at periodic intervals to the domains gridgain[.]com and ignite.apache[.]org to check for updates
  • CVE-2024-29963 (CVSS score: 8.6) – The use of hard-coded Docker keys in SANnav OVA to reach remote registries over TLS, thereby allowing an attacker to carry out adversary-in-the-middle (AitM) attack on the traffic
  • CVE-2024-29966 (CVSS score: 7.5) – The presence of hard-coded credentials for root users in publicly-available documentation that could permit an unauthenticated attacker full access to the Brocade SANnav appliance.

Following responsible disclosure twice in August 2022 and May 2023, the flaws have been addressed in SANnav version 2.3.1 released in December 2023. Brocade’s parent company Broadcom, which also owns Symantec and VMware, released advisories for the flaws earlier this month.

Hewlett Packard Enterprise has also shipped patches for a subset of these vulnerabilities in HPE SANnav Management Portal versions 2.3.0a and 2.3.1 as of April 18, 2024.

SANnav SAN Management Software

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

2 hours ago AndyC
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

2 hours ago AndyC
New Case Study: The Malicious Comment

New Case Study: The Malicious Comment

2 hours ago AndyC
Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)

Google Simplifies 2-Factor Authentication Setup (It’s More Important Than Ever)

2 hours ago AndyC
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering

Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering

2 hours ago AndyC
Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

20 hours ago AndyC

You may have missed

Accelerating SaaS security certifications to maximize market access

2 hours ago AndyC

Empowering Cybersecurity with AI: The Future of Cisco XDR

2 hours ago AndyC
Red Hat seeks to shrink IT skills gap with Lightspeed gen AI

Red Hat seeks to shrink IT skills gap with Lightspeed gen AI

2 hours ago AndyC
3+ reasons Apple might want to make its own server chips

3+ reasons Apple might want to make its own server chips

2 hours ago AndyC
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

2 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.