CVE-2022-43933

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21221	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

04 Feb 2025, 18:13

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de exposición de información a través de un archivo de registro en Brocade SANnav anterior a Brocade SANnav 2.2.2, donde los secretos de configuración se registran en supportsave. El archivo supportsave lo genera un usuario administrador que soluciona problemas en el conmutador. La información registrada puede incluir nombres de usuario, contraseñas y claves secretas.
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21221 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21221 - Vendor Advisory
CPE		cpe:2.3:a:broadcom:brocade_sannav::::::::
CWE		CWE-532
First Time		Broadcom brocade Sannav Broadcom

21 Nov 2024, 13:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-21 11:15

Updated : 2025-02-04 18:13

NVD link : CVE-2022-43933

Mitre link : CVE-2022-43933

CVE.ORG link : CVE-2022-43933

JSON object : View

Products Affected

broadcom

brocade_sannav

CWE

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2022-43933", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-11-21T11:15:11.077", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21221", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-538"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys."}, {"lang": "es", "value": "Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n a trav\u00e9s de un archivo de registro en Brocade SANnav anterior a Brocade SANnav 2.2.2, donde los secretos de configuraci\u00f3n se registran en supportsave. El archivo supportsave lo genera un usuario administrador que soluciona problemas en el conmutador. La informaci\u00f3n registrada puede incluir nombres de usuario, contrase\u00f1as y claves secretas."}], "lastModified": "2025-02-04T18:13:36.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC77C573-F6AD-451A-B543-682C9276861D", "versionEndExcluding": "2.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}