CVE-2025-12772 in SANnav

Summary

by MITRE • 02/03/2026

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs.

When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file, which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privilege who is able to access the SANnav logs or the supportsave to read the switch admin password.


Analysis

by VulDB Data Team • 02/09/2026

This vulnerability exists in Brocade SANnav versions prior to 2.4.0b where administrative credentials are improperly handled during system failure conditions. The flaw manifests when out-of-memory conditions occur on the SANnav server, causing the system to generate heap dump files that inadvertently capture sensitive authentication information. The technical implementation fails to properly sanitize or redact administrative passwords that appear in call stack traces during memory allocation failures, resulting in clear text password exposure within diagnostic logs.

The operational impact of this vulnerability is significant, as it creates an attack vector for remote authenticated adversaries who already possess administrative privileges on the SANnav system. These attackers can leverage their existing access to retrieve support save files and heap dump data containing the clear text passwords for Brocade Fabric OS switches. This represents a critical privilege escalation risk where attackers can obtain credentials for network infrastructure components, potentially enabling them to compromise entire storage area networks. The vulnerability directly maps to CWE-546, which addresses the disclosure of sensitive information through the inclusion of sensitive data in error messages or diagnostic output.

The attack surface extends beyond simple credential theft, as this exposure enables attackers to gain unauthorized access to storage fabric components, potentially allowing them to modify switch configurations, intercept storage traffic, or disable security controls within the SAN environment. This weakness violates fundamental security principles of least privilege and proper credential handling, as the system fails to implement proper data sanitization during error condition reporting. The vulnerability also aligns with ATT&CK technique T1552.001, which covers "Credentials In Files", and T1078.004, which addresses "Valid Accounts: Cloud Accounts", through the compromise of administrative credentials within network infrastructure.

Organizations should immediately apply the available fix by upgrading to Brocade SANnav 2.4.0b or later. System administrators should also audit existing support save files and heap dump data to identify any exposure of administrative credentials. Additional mitigations include strict access controls on support file repositories, regular monitoring of system log files for suspicious activity, and ensuring that diagnostic data is sanitized before it is stored or transmitted. Network segmentation and monitoring of SAN infrastructure should be enhanced to detect unauthorized access attempts following credential exposure.
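
An added example of the audit recommended above (not code from Brocade, MITRE or VulDB): it streams every file under a directory of extracted support save and heap dump files and reports where a password you already know appears, without printing it. The script name, the assumption that the archives are already extracted, and the UTF-16 encodings are assumptions, not details from the advisory.

```python
import getpass
import os
import sys

# Encodings in which the password may sit in a log or memory dump. The UTF-16
# forms are an assumption covering runtimes that keep strings as 16-bit chars.
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")

def scan_file(path, secret, chunk_size=1 << 20):
    """Stream one file; return sorted (offset, encoding) hits, never the secret."""
    if not secret:
        raise ValueError("secret must not be empty")
    pats = {secret.encode(enc): enc for enc in ENCODINGS}
    overlap = max(len(p) for p in pats) - 1  # bytes carried across chunk edges
    hits, tail, base = set(), b"", 0         # base = file offset of tail[0]
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            buf = tail + chunk
            for pat, enc in pats.items():
                i = buf.find(pat)
                while i != -1:
                    hits.add((base + i, enc))
                    i = buf.find(pat, i + 1)
            keep = min(overlap, len(buf))
            base += len(buf) - keep
            tail = buf[-keep:]
    return sorted(hits)

def audit_tree(root, secret):
    """Walk extracted support save / heap dump files; map path -> list of hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, secret)
            if hits:
                report[path] = hits
    return report

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <directory with extracted supportsave files>")
    # Prompt instead of argv so the password stays out of shell history.
    found = audit_tree(sys.argv[1], getpass.getpass("Switch admin password: "))
    for path, hits in sorted(found.items()):
        print(f"{path}: {len(hits)} hit(s), first at offset {hits[0][0]} ({hits[0][1]})")
    sys.exit(1 if found else 0)
```

Any file it reports should be treated as containing the credential: restrict or delete the file and rotate the switch admin password.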

Responsible: Brocade
Reservation: 11/05/2025
Disclosure: 02/03/2026
Moderation: accepted
CPE: ready
EPSS: 0.00014
KEV: no
Activities: very low
