CVE-2024-29968
📋 TL;DR
An information disclosure vulnerability in Brocade SANnav allows authenticated users to access database structure and contents when configured in disaster recovery mode. SQL table names, column names, and queries are exposed in DR standby Supportsave files. This affects Brocade SANnav instances before v2.3.1 and v2.3.0a configured for disaster recovery.
💻 Affected Systems
- Brocade SANnav
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full database schema knowledge enabling targeted SQL injection attacks, data exfiltration of sensitive SAN configuration data, and potential lateral movement to other systems.
Likely Case
Authenticated users or attackers with stolen credentials access database structure information, facilitating further attacks and exposing sensitive SAN management data.
If Mitigated
Limited exposure of database metadata without actual data content, though still providing reconnaissance value to attackers.
🎯 Exploit Status
Requires authenticated access to the SANnav system. Exploitation involves accessing Supportsave files containing SQL metadata.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.3.1 or v2.3.0a
Vendor Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/23253
Restart Required: Yes
Instructions:
1. Download Brocade SANnav v2.3.1 or v2.3.0a from Broadcom support portal.
2. Backup current configuration.
3. Apply the update following vendor documentation.
4. Restart SANnav services.
5. Verify successful upgrade.
🔧 Temporary Workarounds
Disable Disaster Recovery Mode
Platform: all
Temporarily disable disaster recovery configuration to prevent Supportsave file generation containing SQL metadata.
Consult Brocade SANnav administration guide for DR mode disable procedures
Restrict Access to Supportsave Files
Platform: linux
Implement strict file permissions and access controls on Supportsave directories to prevent unauthorized access.
chmod 600 /path/to/supportsave/files
setfacl -m u:admin:rwx /path/to/supportsave
🧯 If You Can't Patch
- Implement strict access controls and authentication monitoring for SANnav administrative interfaces.
- Isolate SANnav management network and restrict access to authorized personnel only.
🔍 How to Verify
Check if Vulnerable:
Check the SANnav version via the web interface or CLI. If the version is below v2.3.1 and is not v2.3.0a, and DR mode is enabled, the system is vulnerable.
Check Version:
sannav --version or check web interface About page
Verify Fix Applied:
Verify SANnav version is v2.3.1 or v2.3.0a. Check that Supportsave files no longer contain SQL table/column names or queries.
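One way to carry out the Supportsave check above, as an added example that is not from the vendor or the original page. It assumes the Supportsave archive has already been extracted to a directory; the pattern, function names and sample file contents are constructed for illustration.

```shell
# Added example (not vendor tooling). Assumes an extracted Supportsave tree.
# Case-insensitive ERE for common SQL statement shapes (DML and DDL).
SQL_PATTERN='select[[:space:]].*[[:space:]]from[[:space:]]|insert[[:space:]]+into[[:space:]]|update[[:space:]]+[^[:space:]]+[[:space:]]+set[[:space:]]|delete[[:space:]]+from[[:space:]]|(create|alter|drop)[[:space:]]+table[[:space:]]'

# List files under directory $1 that contain SQL-looking text, sorted.
# Returns 0 when the scan completed (with or without hits), 2 on error.
scan_supportsave() {
    scan_dir=$1
    [ -d "$scan_dir" ] || { echo "not a directory: $scan_dir" >&2; return 2; }
    # -r recurse, -I skip binary files, -i ignore case, -l file names only.
    # grep exits 1 when nothing matched; only other failures are errors.
    scan_hits=$(grep -rIilE -e "$SQL_PATTERN" -- "$scan_dir") \
        || [ $? -eq 1 ] || return 2
    if [ -n "$scan_hits" ]; then printf '%s\n' "$scan_hits" | sort; fi
    return 0
}

# Print the number of files under $1 that contain SQL-looking text.
count_sql_files() {
    sql_files=$(scan_supportsave "$1") || return 2
    if [ -z "$sql_files" ]; then
        echo 0
    else
        printf '%s\n' "$sql_files" | wc -l | tr -d ' '
    fi
}

# Build a constructed sample tree and print its path: two files that
# leak SQL (a logged query and a schema dump) and one clean log.
make_sample() {
    sample=$(mktemp -d) || return 2
    mkdir -p "$sample/dr-standby/logs"
    printf '%s\n' 'INFO replication ok' \
        'DEBUG exec: SELECT id, wwn FROM example_switch WHERE fabric_id = ?' \
        > "$sample/dr-standby/logs/db.log"
    printf '%s\n' 'CREATE TABLE example_port (id integer, switch_id integer);' \
        > "$sample/dr-standby/schema.txt"
    printf '%s\n' 'INFO service started' 'INFO heartbeat ok' \
        > "$sample/dr-standby/logs/app.log"
    echo "$sample"
}
```

A hit is a heuristic match that needs manual review: ordinary log text such as "select a fabric from the list" also matches the pattern.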
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Supportsave directories
- Multiple authentication failures followed by successful login
Network Indicators:
- Unusual data transfers from SANnav management interfaces
- SQL query patterns in network traffic to SANnav
SIEM Query:
source="sannav.log" AND (event="file_access" AND path="*supportsave*" AND user!="admin")