CVE-2024-10405

5.3 MEDIUM

📋 TL;DR

Brocade SANnav versions before 2.3.1b enable weak TLS ciphers on ports 443 and 18082, allowing attackers to intercept and read network traffic containing switch performance data, zoning information, and device identifiers. This affects organizations using Brocade SANnav for storage area network management. No customer data, personal information, or credentials are exposed.

💻 Affected Systems

Products:
  • Brocade SANnav
Versions: All versions before SANnav 2.3.1b
Operating Systems: Not OS-specific - appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects default TLS configuration on management ports 443 and 18082

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker intercepts all SANnav management traffic, gaining visibility into network topology, switch configurations, and device identifiers, potentially enabling further attacks on the storage infrastructure.

🟠 Likely Case

An attacker with network access captures performance metrics, port status, zoning data, and WWN/IP addresses, compromising network visibility and potentially aiding reconnaissance for targeted attacks.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to intercepted non-sensitive telemetry data that doesn't include credentials or customer information.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires man-in-the-middle position or network access to intercept TLS traffic; attacker must force downgrade to weak ciphers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SANnav 2.3.1b

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25402

Restart Required: Yes

Instructions:

1. Download SANnav 2.3.1b from Broadcom support portal
2. Back up current configuration
3. Apply update following vendor documentation
4. Restart SANnav services

🔧 Temporary Workarounds

Disable weak TLS ciphers

all

Manually configure SANnav to disable weak TLS ciphers and enforce strong encryption

Configuration steps vary by version - consult vendor documentation

Network segmentation

all

Isolate SANnav management traffic to trusted networks only

Implement firewall rules to restrict access to ports 443 and 18082

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to SANnav management interfaces
  • Deploy network monitoring and IDS/IPS to detect TLS downgrade attacks

🔍 How to Verify

Check if Vulnerable:

Check SANnav version via web interface or CLI; test TLS configuration on ports 443 and 18082 using tools like nmap or testssl.sh

Check Version:

From SANnav CLI: show version or check web interface About page

Verify Fix Applied:

Verify version is 2.3.1b or later; test that weak ciphers are rejected on ports 443 and 18082
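
The TLS test on ports 443 and 18082 can be turned into a repeatable pass/fail check by parsing the output of nmap's ssl-enum-ciphers script. The following is an added example, not part of the vendor advisory: the sample output is constructed, and treating any cipher graded below A as weak is an assumption, since the advisory summary does not name the affected cipher suites.

```python
import re

# Constructed sample shaped like the output of
#   nmap --script ssl-enum-ciphers -p 443,18082 <sannav-host>
# The cipher lists are illustrative, not captured from a SANnav system.
SAMPLE = """\
PORT      STATE SERVICE
443/tcp   open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
18082/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|[ _]+(TLS_\w+|SSL_\w+)\s.*-\s([A-F])\s*$")

def weak_ciphers(nmap_output, worst_ok="A"):
    """Return {port: [(protocol, cipher, grade), ...]} for grades worse than worst_ok."""
    findings, port, proto = {}, None, None
    for line in nmap_output.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None
            findings[port] = []
        elif m := PROTO_RE.match(line):
            proto = m.group(1)
        elif port is not None and (m := CIPHER_RE.match(line)):
            cipher, grade = m.groups()
            if grade > worst_ok:  # nmap grades sort A (best) to F (worst)
                findings[port].append((proto, cipher, grade))
    return findings

if __name__ == "__main__":
    for port, hits in weak_ciphers(SAMPLE).items():
        print(port, "FAIL" if hits else "ok", hits)
```

Run it against saved scan output before and after the upgrade; a port that returns an empty list offered no cipher below the chosen grade.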

📡 Detection & Monitoring

Log Indicators:

  • TLS handshake failures, unexpected cipher suite negotiations

Network Indicators:

  • TLS downgrade attempts, unusual traffic patterns on ports 443/18082

SIEM Query:

(source_port:443 OR source_port:18082) AND (event_type:tls_handshake OR protocol:ssl) AND cipher_suite:weak
