Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-2240

Summary
Assigner-brocade
Assigner Org ID-87b297d7-335e-4844-9551-11b97995a791
Published At-14 Feb, 2025 | 04:53
Updated At-14 Feb, 2025 | 15:28
Rejected At-
Credits

Docker implementation in Brocade SANnav is missing Audit Rules.

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:brocade
Assigner Org ID:87b297d7-335e-4844-9551-11b97995a791
Published At:14 Feb, 2025 | 04:53
Updated At:14 Feb, 2025 | 15:28
Rejected At:
▼CVE Numbering Authority (CNA)
Docker implementation in Brocade SANnav is missing Audit Rules.

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

Affected Products
Vendor
Brocade Communications Systems, Inc. (Broadcom Inc.)Brocade
Product
Brocade SANnav
Default Status
affected
Versions
Affected
  • Brocade SANnav before 2.3.1b
Problem Types
TypeCWE IDDescription
CWECWE-250CWE-250: Execution with Unnecessary Privileges
Type: CWE
CWE ID: CWE-250
Description: CWE-250: Execution with Unnecessary Privileges
Metrics
VersionBase scoreBase severityVector
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-122CAPEC-122: Privilege Abuse
CAPEC ID: CAPEC-122
Description: CAPEC-122: Privilege Abuse
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25401
N/A
Hyperlink: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25401
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sirt@brocade.com
Published At:14 Feb, 2025 | 05:15
Updated At:26 Aug, 2025 | 19:48

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Broadcom Inc.
broadcom
>>brocade_sannav>>Versions before 2.3.1b(exclusive)
cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-250Secondarysirt@brocade.com
CWE ID: CWE-250
Type: Secondary
Source: sirt@brocade.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25401sirt@brocade.com
Vendor Advisory
Hyperlink: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25401
Source: sirt@brocade.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

10Records found
CVE-2024-22274
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-53.44% / 97.89%
||
7 Day CHG-3.13%
Published-21 May, 2024 | 17:29
Updated-27 Jun, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-n/aBroadcom Inc.VMware (Broadcom Inc.)
Product-cloud_foundationvcenter_serverVMware vCenter ServerVMware Cloud Foundation (vCenter Server)vmware_center_server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-33178
Matching Score-8
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-8
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.2||HIGH
EPSS-0.81% / 73.29%
||
7 Day CHG+0.05%
Published-25 Oct, 2022 | 00:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15382
Matching Score-8
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-8
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.43%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 14:32
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brocade_sannavBrocade SANnav
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-12594
Matching Score-8
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-8
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.2||HIGH
EPSS-0.53% / 66.39%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 05:21
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-symantec_messaging_gatewaySymantec Messaging Gateway (SMG)
CVE-2024-38813
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-14.58% / 94.20%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 17:13
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-12-11||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Privilege escalation vulnerability

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Action-Not Available
Vendor-n/aBroadcom Inc.VMware (Broadcom Inc.)
Product-vcenter_serverVMware Cloud FoundationVMware vCenter Servervmware_center_servervmware_cloud_foundationvCenter Server
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-273
Improper Check for Dropped Privileges
CVE-2024-21184
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-0.70% / 71.03%
||
7 Day CHG-0.04%
Published-16 Jul, 2024 | 22:40
Updated-01 Aug, 2024 | 22:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XS_DIAG privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks of this vulnerability can result in takeover of Oracle Database RDBMS Security. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverDatabase - Enterprise Editiondatabase_server
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-36048
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.66%
||
7 Day CHG~0.00%
Published-18 Jun, 2025 | 16:04
Updated-24 Aug, 2025 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationRed Hat, Inc.Apple Inc.NovellMicrosoft Corporation
Product-macoswindowswebmethods_integrationlinux_kernelsuse_linuxlinuxwebMethods Integration Server
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2019-16767
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.30% / 52.86%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 17:40
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In EzMaster before 5.2.11 docker containers were executed with advanced privileges by default

The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root)

Action-Not Available
Vendor-inistInist-CNRS
Product-ezmasterezmaster
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-35154
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.18% / 40.13%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 21:57
Updated-20 Sep, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-20478
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.83%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 16:30
Updated-01 Aug, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerCisco Application Policy Infrastructure Controller (APIC)application_policy_infrastructure_controller
CWE ID-CWE-250
Execution with Unnecessary Privileges
Details not found