CVE-2024-2240

High

Published: 14 February 2025

Modified: 26 August 2025
CVSS Score v4: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0047 (36.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2024-2240 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Broadcom Brocade SANnav. Its CVSS v4 base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Linux Audit System Log (T1685.004). The CVE ranks at the 36.9th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AU-12 (Audit Record Generation) and AU-2 (Event Logging).

Deeper analysis

CVE-2024-2240 affects the Docker daemon in Brocade SANnav versions prior to 2.3.1b, where it runs without auditing enabled. This misconfiguration, mapped to CWE-250 (Execution with Unnecessary Privileges), exposes the system to potential abuse by allowing actions to go unlogged and undetected. The vulnerability has a CVSS v3.1 base score of 7.2 (High), with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impacts on confidentiality, integrity, and availability.

A remote authenticated attacker with high privileges (PR:H) can exploit this vulnerability to execute various attacks on the SANnav system. The lack of auditing in the Docker daemon enables attackers to perform unauthorized operations without generating logs, facilitating stealthy compromise of the storage area network management platform while evading detection.

Mitigation is addressed in the Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25401, which recommends upgrading to SANnav 2.3.1b or later to enable proper auditing in the Docker daemon.

Vulnerability details

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1685.004 Disable or Modify Linux Audit System Log · Defense Impairment
Adversaries may disable or modify the Linux Audit system to hide malicious activity and avoid detection.
Why these techniques?

Lack of Docker daemon auditing directly impairs Linux audit/logging defenses, enabling stealthy privileged actions without detection.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-4282 · Same product: Broadcom Brocade SANnav
CVE-2025-58383 · Same vendor: Broadcom
CVE-2025-9711 · Same vendor: Broadcom
CVE-2026-0869 · Same vendor: Broadcom
CVE-2025-12774 · Same vendor: Broadcom
CVE-2024-1509 · Same vendor: Broadcom
CVE-2024-5462 · Same vendor: Broadcom
CVE-2024-5461 · Same vendor: Broadcom
CVE-2026-0383 · Same vendor: Broadcom
CVE-2025-58382 · Same vendor: Broadcom

Affected Assets

broadcom
brocade sannav
≤ 2.3.1b

Mitigating Controls (NIST 800-53 r5)

detect

Directly requires generation of audit records for defined events in system components like the Docker daemon, addressing the core vulnerability of running without auditing.

detect

Mandates logging of key events such as privileged operations in the Docker daemon, enabling detection of attacks that would otherwise go unlogged.

detect

Requires review and analysis of audit records to identify inappropriate activities performed through the unaudited Docker daemon.
