CVE-2024-5462

HIGH
Published Feb 15, 2025 Modified Feb 23, 2026 CWE-319

Description

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.

Is your site exposed to CVE-2024-5462?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

CWE-319 CWE-319

Affected Products

Vendor Product
broadcom fabric_operating_system

References

Frequently Asked Questions

What is CVE-2024-5462? +
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified. It has a CVSS v3.1 base score of 7.5 (HIGH).
How severe is CVE-2024-5462? +
CVE-2024-5462 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2024-5462? +
CVE-2024-5462 affects products from broadcom, specifically: fabric_operating_system. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-5462? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-5462 — free, no signup required.