{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T11:09:49.001","vulnerabilities":[{"cve":{"id":"CVE-2024-29954","sourceIdentifier":"sirt@brocade.com","published":"2024-06-26T00:15:10.263","lastModified":"2024-11-21T09:08:41.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.\n\nDetail.\nWhen the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line."},{"lang":"es","value":"Una vulnerabilidad en una API de administración de contraseñas en las versiones de Brocade Fabric OS anteriores a v9.2.1, v9.2.0b, v9.1.1d y v8.2.3e imprime información confidencial en archivos de registro. Esto podría permitir a un usuario autenticado ver las contraseñas del servidor para protocolos como scp y sftp. Detalle. Cuando el comando de descarga de firmware se ingresa incorrectamente o apunta a un archivo erróneo, el registro de descarga de firmware captura el comando fallido, incluida cualquier contraseña ingresada en la línea de comando."}],"metrics":{"cvssMetricV31":[{"source":"sirt@brocade.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"sirt@brocade.com","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*","versionEndExcluding":"8.2.3e","matchCriteriaId":"E81DB5A7-856B-4D79-86FE-45D0EB6CA554"},{"vulnerable":true,"criteria":"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.1","versionEndExcluding":"9.1.1d","matchCriteriaId":"8271BD31-8795-4D66-A088-B82EDE143FD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0","versionEndExcluding":"9.2.0b","matchCriteriaId":"64256C4C-AF75-4D8F-80C3-E4EF4AC0CC8E"}]}]}],"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226","source":"sirt@brocade.com","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240822-0010/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}