CVE-2024-10403 Information

Description

Brocade Fabric OS versions before 8.2.3e2 versions 9.0.0 through 9.2.0c and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25145