CVE-2024-29960

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-798
View all →

Vulnerability Description

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.

Related Vulnerabilities

CVE-2005-3716

HIGH
CVSS:7.5(High)

The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive ...

CWE-7982005

CVE-2005-3803

HIGH
CVSS:7.5(High)

Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

CWE-7982005

CVE-2010-2073

HIGH
CVSS:7.5(High)

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP ser...

CWE-7982010

CVE-2013-1352

HIGH
CVSS:7.5(High)

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.

CWE-7982013

CVE-2013-2567

HIGH
CVSS:7.5(High)

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sens...

CWE-7982013

CVE-2013-2572

HIGH
CVSS:7.5(High)

A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which...

CWE-7982013