CVE-2024-5462

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5462
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24610 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
History

23 Feb 2026, 14:56

Type Values Removed Values Added
First Time Broadcom fabric Operating System
Broadcom
Summary
  • (es) Si los ajustes de configuración de Brocade Fabric OS anteriores a Fabric OS 9.2.0 no están configurados para cifrar las contraseñas SNMP, los campos privsecret/authsecret de SNMP pueden exponerse en texto plano. Las contraseñas en texto plano pueden exponerse en una captura de configupload o en una captura de supportave si el cifrado de contraseñas no está habilitado. Un atacante puede usar estas contraseñas para obtener valores de los OID compatibles a través de consultas SNMPv3. También hay una cantidad limitada de objetos MIB que se pueden modificar.
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24610 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24610 - Vendor Advisory
CPE cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

15 Feb 2025, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-15 00:15

Updated : 2026-02-23 14:56

NVD link : CVE-2024-5462

Mitre link : CVE-2024-5462

CVE.ORG link : CVE-2024-5462

JSON object : View

Products Affected

broadcom

  • fabric_operating_system
CWE
CWE-319

Cleartext Transmission of Sensitive Information