CVE-2024-29964: Unauthorized Access to Sensitive Data in Brocade SANnav before v2.3.a due to Incorrect File Permissions

---
A vulnerability (CVE-2024-29964) has been identified in Brocade SANnav versions before v2.3.a related to how the application sets permissions on certain files, including critical Docker files. Successful exploitation of this vulnerability could allow an unprivileged attacker to gain unauthorized access to sensitive information.

Affected Software

---

Details

---
The underlying issue in CVE-2024-29964 is the lack of proper file permission enforcement on the affected Brocade SANnav versions. As a result, an attacker with unauthorized access to the server can view the contents of sensitive files and potentially extract valuable information.

Exploitation of this vulnerability could lead to the compromise of sensitive configuration details, access keys and other credentials, and ultimately escalate privileges within the system.

The exploitable file permissions could be demonstrated using a simple Python script

import os

def check_permissions(file_path):
    st = os.stat(file_path)
    return oct(st.st_mode)[-3:]

sensitive_files = [
    '/path/to/docker/file1',
    '/path/to/docker/file2',
    '/path/to/docker/file3',
]

for file_path in sensitive_files:
    print(f"{file_path}: {check_permissions(file_path)}")

Running this script against the target system would result in permission information for the specified file paths:

/path/to/docker/file1: 755
/path/to/docker/file2: 644
/path/to/docker/file3: 664

As seen in the output, several of the specified files have permissions that allow unauthorized read access to sensitive information contained within.

Links to Original References

---
- CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29964
- NVD (National Vulnerability Database) Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-29964

Solution

---
To mitigate this vulnerability, upgrade to Brocade SANnav v2.3.a or later, which includes the necessary fixes for correct file permission enforcement.

Identify the affected sensitive files (including Docker files) in your installation.

2. Use the chmod command in the terminal on Linux-based systems or the icacls command in the Command Prompt on Windows-based systems to set the appropriate permissions for each identified file.

For example, on a Linux system, the permissions could be changed like so

sudo chmod 640 /path/to/docker/file1
sudo chmod 640 /path/to/docker/file2
sudo chmod 640 /path/to/docker/file3

Please note that this workaround would need to be applied after each installation or upgrade, and it is highly recommended to perform a full upgrade as soon as possible.

Key Takeaways

---
- CVE-2024-29964 is a vulnerability that affects Brocade SANnav versions before v2.3.a due to incorrect file permissions on sensitive data.
- Successful exploitation could allow an unprivileged attacker to gain unauthorized access to sensitive information and escalate system privileges.

The recommended solution is to upgrade Brocade SANnav to version v2.3.a or later.

- If an immediate upgrade is not possible, apply the described temporary workaround to protect critical data from unauthorized access.

Timeline

Published on: 04/19/2024 04:39:17 UTC
Last modified on: 06/04/2024 17:56:52 UTC