supply-chain attack risk

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

信息暴露

Broadcom Brocade SANnav 信息泄露漏洞

Broadcom Brocade SANnav是美国博通（Broadcom）公司的一套SAN管理平台。 Brocade SANnav v2.3.1 版本和 v2.3.0a 版本存在安全漏洞，该漏洞源于 Brocade SANav 服务在后台定期向 gridgain.com 发送 ping 命令，以检查组件是否有可用更新。这可能会让未经身份验证的远程攻击者意识到该行为，并对 Brocade SAnnav 设备发起供应链攻击。

N/A

N/A