Cyber Posture

CVE-2024-4282

Severity: Critical

Published: 15 February 2025
Modified: 26 August 2025
KEV Added: not listed
Patch: upgrade to SANnav 2.3.1b or later (Broadcom advisory)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.0th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-4282 is a critical-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Broadcom Brocade Sannav. Its CVSS base score is 9.8 (Critical).

Operationally, its EPSS score places it at the 29.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-13 (Cryptographic Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-13 mandates the use of approved cryptographic mechanisms, directly prohibiting deprecated SHA1 in SSH communications to protect confidentiality and integrity.

Prevent: CM-6 requires secure configuration settings for system components, ensuring the SSH service disables weak SHA1 algorithms as per vendor guidance.

Prevent: SC-8 protects the confidentiality and integrity of transmitted information over SSH, mitigating risks from SHA1's cryptographic weaknesses.

NVD Description

Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

Deeper analysis

CVE-2024-4282 affects Brocade SANnav OVA versions prior to 2.3.1b, where a deprecated SHA1 setting is enabled for SSH on port 22. This configuration issue falls under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and has a CVSS v3.1 base score of 9.8 (Critical), reflecting its network accessibility (AV:N), low attack complexity (AC:L), lack of required privileges (PR:N), no user interaction (UI:N), and unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability was published on 2025-02-15.

Remote, unauthenticated attackers can exploit this vulnerability over the network by targeting the weak SHA1 cryptographic setting in SSH communications on port 22. Successful exploitation could allow attackers to compromise SSH sessions, potentially leading to unauthorized access, data interception, modification, or disruption of services, aligning with the high CVSS impacts across confidentiality, integrity, and availability.

The Broadcom security advisory at https://support.broadcom.com/external/content/SecurityAdvisories/0/25400 provides details on mitigation, which includes upgrading to SANnav 2.3.1b or later to disable the deprecated SHA1 setting for SSH.
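The vendor fix is to upgrade, but the CM-6 and SC-13 controls above also imply a verification step: confirm that no SSH endpoint in the estate still offers SHA-1-based algorithms. The script below is an added example for this page, not code from Broadcom or from the SANnav product; it parses the lowercase "option value" lines that OpenSSH's `sshd -T` prints, flags MACs, key-exchange methods and host-key signature schemes that depend on SHA-1, and emits hardened sshd_config lines with those entries removed. The sample configuration embedded in it is constructed for the example and is not SANnav's actual SSH configuration.

```python
"""Flag SHA-1-dependent SSH algorithms in an OpenSSH effective configuration.

Input is the "option value" text that `sshd -T` prints (one option per line,
option names in lowercase). SAMPLE_SSHD_T below is constructed for this example.
"""

# sshd options whose values are comma-separated algorithm lists.
ALGO_OPTIONS = {
    "macs",
    "kexalgorithms",
    "hostkeyalgorithms",
    "pubkeyacceptedalgorithms",
    "casignaturealgorithms",
}

# Signature schemes that do not carry "sha1" in their name but are defined over SHA-1
# (the classic ssh-rsa scheme signs with SHA-1; ssh-dss is DSA over SHA-1).
SHA1_BY_DEFINITION = {"ssh-rsa", "ssh-dss"}

# Constructed sample: a server that still offers SHA-1 MACs, a SHA-1 key exchange
# and the SHA-1-based ssh-rsa host-key signature alongside modern options.
SAMPLE_SSHD_T = """\
port 22
macs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
"""


def is_sha1_based(algorithm: str) -> bool:
    """True if the algorithm name advertises SHA-1 or is a known SHA-1 signature scheme."""
    name = algorithm.lower()
    return "sha1" in name or name in SHA1_BY_DEFINITION


def parse_sshd_t(text: str) -> dict[str, list[str]]:
    """Parse `sshd -T` output into {option: [algorithms]} for list-valued options only."""
    parsed: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        option, _, value = line.partition(" ")
        option = option.lower()
        if option in ALGO_OPTIONS:
            parsed[option] = [a.strip() for a in value.split(",") if a.strip()]
    return parsed


def find_sha1_algorithms(text: str) -> dict[str, list[str]]:
    """Return {option: [flagged algorithms]} for each option that still offers SHA-1."""
    findings: dict[str, list[str]] = {}
    for option, algorithms in parse_sshd_t(text).items():
        flagged = [a for a in algorithms if is_sha1_based(a)]
        if flagged:
            findings[option] = flagged
    return findings


def hardened_lines(text: str) -> list[str]:
    """Rewrite each list-valued option without its SHA-1 entries (sshd_config syntax)."""
    lines = []
    for option, algorithms in parse_sshd_t(text).items():
        kept = [a for a in algorithms if not is_sha1_based(a)]
        lines.append(f"{option} {','.join(kept)}")
    return lines


if __name__ == "__main__":
    # On a real host: `sudo sshd -T > effective.txt` and feed that text in instead.
    for option, flagged in find_sha1_algorithms(SAMPLE_SSHD_T).items():
        print(f"FINDING {option}: {', '.join(flagged)}")
    print("Hardened configuration lines:")
    for line in hardened_lines(SAMPLE_SSHD_T):
        print("  " + line)
```

The checker flags by name rather than by a fixed deny-list so that vendor-suffixed variants (for example the `-etm@openssh.com` forms) are caught as well; the two explicit entries in SHA1_BY_DEFINITION exist because their names hide the hash they use. Run it against `sshd -T` output from each appliance after the upgrade to confirm that the fix actually removed the SHA-1 offerings, and keep the hardened lines as the CM-6 baseline for anything that cannot be upgraded yet.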

Details

CWE(s)

CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)
Affected Products

broadcom
brocade sannav
≤ 2.3.1b

CVEs Like This One

CVE-2024-2240 (same product: Broadcom Brocade Sannav)
CVE-2026-0869 (same vendor: Broadcom)
CVE-2025-58383 (same vendor: Broadcom)
CVE-2026-0383 (same vendor: Broadcom)
CVE-2025-58382 (same vendor: Broadcom)
CVE-2025-9711 (same vendor: Broadcom)
CVE-2024-5461 (same vendor: Broadcom)
CVE-2024-1509 (same vendor: Broadcom)
CVE-2024-5462 (same vendor: Broadcom)
CVE-2025-12774 (same vendor: Broadcom)

References