CVE Identifier: CVE-2024-2859
Product/Component: Brocade SANnav
Status: Closed
Severity: Medium
CVSS Base Score: 6.8 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Brocade Security Advisory ID: BSA-2024-2560
Component: OpenSSH

Summary:
By default, the SANnav OVA is shipped with root user login enabled.

Product Affected:
All Brocade OVA SANnav versions

Mitigation:
Starting with SANnav OVA version v2.3.0 and later, a root account is not required. If root login needs to be disabled:
1. Log in as root and create a local sudo user.
2. Edit and set .
3. Restart sshd.
4. Log out from root and log in as the sudo user.
5. Start SANnav installation.

Credit:
- Brocade found and fixed the issue in Brocade SANnav v2.3.0.
- Pierre Barre reported the issue later.

Revision History:
- 1.0: Initial Publication (2024-04-16)
- 2.0: Added mitigation steps (2024-04-26)
- 2.1: Minor grammar edits (2024-04-30)
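
To confirm that the mitigation steps took effect, the following added example (not Brocade's code) reports the effective global root-login setting from an sshd_config-format file and flags anything other than `no`. It assumes the standard OpenSSH `PermitRootLogin` directive, which the advisory text does not name; the function names and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config-format file for root login over SSH.
# Assumption: the standard OpenSSH PermitRootLogin directive is the relevant
# setting (the advisory does not name it). Function names are hypothetical.

# effective_root_login FILE
# OpenSSH keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally.
# Simplification: "Include" files are not followed.
effective_root_login() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }      # drop comments, accept key=value
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "permitrootlogin" && !seen { val = $2; seen = 1 }
        END { print (seen ? val : "prohibit-password") }  # upstream default if unset
    ' "$1"
}

# check_root_login FILE: returns 0 only when root login is fully disabled.
check_root_login() {
    v=$(effective_root_login "$1")
    if [ "$v" = "no" ]; then
        echo "OK: $1: root login over SSH is disabled"
    else
        echo "FINDING: $1: PermitRootLogin is effectively '$v'"
        return 1
    fi
}

# Constructed sample configurations (not taken from a SANnav system).
demo_dir=$(mktemp -d)
# An appended "no" has no effect when an earlier "yes" is already present.
printf '%s\n' '# shipped default' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$demo_dir/appended"
# First global value is "no"; the later Match block is conditional only.
printf '%s\n' 'permitrootlogin no' 'Match User backup' \
    '  PermitRootLogin yes' > "$demo_dir/fixed"

check_root_login "$demo_dir/appended" || true
check_root_login "$demo_dir/fixed"
rm -rf "$demo_dir"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including files pulled in by `Include`, which this parser does not follow.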