CVE-2024-5462: Brocade Fabric OS may capture SNMP Passwords in clear text
Description
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.
Classification
CVE ID: CVE-2024-5462
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products
Vendor: Brocade
Product: Brocade Fabric OS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.99% (scored less or equal to compared to others)
EPSS Date: 2025-03-15 (when was this score calculated)