CVE-2024-2240
Published: 14 February 2025
Summary
CVE-2024-2240 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Broadcom Brocade SANnav. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 22.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-12 (Audit Record Generation) and AU-2 (Event Logging).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires generation of audit records for defined events in system components like the Docker daemon, addressing the core vulnerability of running without auditing.
Mandates logging of key events such as privileged operations in the Docker daemon, enabling detection of attacks that would otherwise go unlogged.
Requires review and analysis of audit records to identify inappropriate activities performed through the unaudited Docker daemon.
NVD Description
Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.
Deeper analysis
CVE-2024-2240 affects the Docker daemon in Brocade SANnav versions prior to 2.3.1b, where it runs without auditing enabled. This misconfiguration, mapped to CWE-250 (Execution with Unnecessary Privileges), exposes the system to potential abuse by allowing actions to go unlogged and undetected. The vulnerability has a CVSS v3.1 base score of 7.2 (High), with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impacts on confidentiality, integrity, and availability.
A remote authenticated attacker with high privileges (PR:H) can exploit this vulnerability to execute various attacks on the SANnav system. The lack of auditing in the Docker daemon enables attackers to perform unauthorized operations without generating logs, facilitating stealthy compromise of the storage area network management platform while evading detection.
Mitigation is addressed in the Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25401, which recommends upgrading to SANnav 2.3.1b or later to enable proper auditing in the Docker daemon.
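A host-side check for the condition described above, added here as an example and not taken from Broadcom's advisory or fix. It assumes "auditing" means Linux auditd watch rules on Docker paths in the style of the CIS Docker Benchmark; the path list, function names and sample rules are constructed for illustration.

```shell
# Subset of the paths the CIS Docker Benchmark asks auditd to watch.
# Assumption: adjust the list to the layout of the host being checked.
DOCKER_AUDIT_PATHS="/usr/bin/dockerd /var/lib/docker /etc/docker /usr/bin/containerd /usr/bin/runc"

# Constructed sample in `auditctl -l` format (not captured from a SANnav host).
SAMPLE_RULES='# docker audit rules
-w /usr/bin/dockerd -p rwxa -k docker
-a always,exit -F dir=/var/lib/docker -F perm=rwxa -F key=docker
-w /etc/dockerx -p wa -k lookalike
-w /etc/passwd -p wa -k identity'

# Read audit rules on stdin; print every Docker path that no rule watches.
# Accepts both the "-w PATH" form and the "-F path=PATH" / "-F dir=PATH" form.
missing_docker_audit() {
    local rules path
    # Drop comments and blank lines; "|| true" keeps empty input from failing.
    rules=$(grep -Ev '^[[:space:]]*(#|$)' || true)
    for path in $DOCKER_AUDIT_PATHS; do
        # Require the exact path (optional trailing slash), then space or end of
        # line, so a rule for /etc/dockerx does not count for /etc/docker.
        if ! printf '%s\n' "$rules" | grep -Eq \
            "(^|[[:space:]])(-w[[:space:]]+|-F[[:space:]]+(path|dir)=)${path}/?([[:space:]]|\$)"
        then
            printf '%s\n' "$path"
        fi
    done
}

# Exit status 0 only when every listed path has a watch rule.
docker_audit_ok() {
    [ -z "$(missing_docker_audit)" ]
}

# Demo on the constructed sample; on a live host: auditctl -l | missing_docker_audit
printf '%s\n' "$SAMPLE_RULES" | missing_docker_audit | sed 's/^/no audit rule: /'
```

A rule being present only shows that the watch is configured; whether the resulting records are collected and reviewed is a separate check.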
Details
- CWE(s)