Cyber Posture

CVE-2024-4282

Critical

Published: 15 February 2025

Modified: 26 August 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.0th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

Security Summary

CVE-2024-4282 affects Brocade SANnav OVA versions prior to 2.3.1b, where a deprecated SHA1 setting is enabled for SSH on port 22. This configuration issue falls under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and has a CVSS v3.1 base score of 9.8 (Critical), reflecting its network accessibility (AV:N), low attack complexity (AC:L), lack of required privileges (PR:N), no user interaction (UI:N), and unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability was published on 2025-02-15.

Remote, unauthenticated attackers can exploit this vulnerability over the network by targeting the weak SHA1 cryptographic setting in SSH communications on port 22. Successful exploitation could allow attackers to compromise SSH sessions, potentially leading to unauthorized access, data interception, modification, or disruption of services, aligning with the high CVSS impacts across confidentiality, integrity, and availability.

The Broadcom security advisory at https://support.broadcom.com/external/content/SecurityAdvisories/0/25400 provides details on mitigation, which includes upgrading to SANnav 2.3.1b or later to disable the deprecated SHA1 setting for SSH.
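As an added illustration, not part of this advisory record or of Broadcom's tooling, the following Python audit parses the server-side KEXINIT proposal as printed by OpenSSH's `ssh -vv`, flags the SHA-1-based key-exchange, host-key and MAC algorithms an appliance still offers on port 22, and emits sshd_config directives limited to the remaining algorithms. The sample proposal is constructed for the example, not captured from SANnav.

```python
import re
# SHA-1 signature algorithms whose names do not contain "sha1".
SHA1_SIGNATURE_ALGS = {"ssh-rsa", "ssh-dss", "ssh-rsa-cert-v01@openssh.com"}
# "ssh -vv" prints the peer's KEXINIT proposal as "debug2: <list>: a,b,c".
PROPOSAL_LINE = re.compile(
    r"^debug2: (KEX algorithms|host key algorithms|ciphers (?:ctos|stoc)|MACs (?:ctos|stoc)): (.*)$")
# sshd_config directive that controls each list; ciphers are not SHA-1 related.
DIRECTIVE = {"KEX algorithms": "KexAlgorithms", "host key algorithms": "HostKeyAlgorithms",
             "MACs ctos": "MACs", "MACs stoc": "MACs"}
# Constructed sample of the server-side lines from "ssh -vv <host>"; not real SANnav output.
SAMPLE_PROPOSAL = """\
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-gcm@openssh.com,aes128-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com
debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com
"""

def is_sha1_algorithm(name):
    """True for KEX, host-key or MAC names that rely on SHA-1."""
    return "sha1" in name.lower() or name in SHA1_SIGNATURE_ALGS

def parse_proposal(debug_output):
    """Map each proposal list name to the algorithms the server offered."""
    lists = {}
    for line in debug_output.splitlines():
        m = PROPOSAL_LINE.match(line.strip())
        if m:
            lists[m.group(1)] = [a for a in m.group(2).split(",") if a]
    return lists

def find_sha1_algorithms(debug_output):
    """Proposal lists that still contain SHA-1 algorithms, with the offenders."""
    weak = {}
    for list_name, algs in parse_proposal(debug_output).items():
        hits = [a for a in algs if is_sha1_algorithm(a)]
        if hits:
            weak[list_name] = hits
    return weak

def hardened_directives(debug_output):
    """sshd_config lines that keep only the non-SHA-1 members of each list."""
    out = {}
    for list_name, algs in parse_proposal(debug_output).items():
        directive = DIRECTIVE.get(list_name)
        if directive:
            kept = [a for a in algs if not is_sha1_algorithm(a)]
            out[directive] = f"{directive} {','.join(kept)}"
    return out
```

Running `find_sha1_algorithms` on the `ssh -vv` output of an appliance before and after the upgrade to 2.3.1b is a quick way to confirm the deprecated setting is actually gone.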

Details

CWE(s)
CWE-327

Affected Products

broadcom
brocade sannav
≤ 2.3.1b
