Filtered by vendor Broadcom
Subscriptions
Filtered by product Fabric Operating System
Subscriptions
Total
71 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 7.2 High |
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | ||||
CVE-2022-33179 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 8.8 High |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | ||||
CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 5.5 Medium |
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | ||||
CVE-2022-33184 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 7.8 High |
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | ||||
CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 6.5 Medium |
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | ||||
CVE-2022-28169 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 8.8 High |
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. | ||||
CVE-2023-31427 | 1 Broadcom | 1 Fabric Operating System | 2024-08-02 | 7.8 High |
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | ||||
CVE-2023-31426 | 1 Broadcom | 1 Fabric Operating System | 2024-08-02 | 6.8 Medium |
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | ||||
CVE-2023-31425 | 1 Broadcom | 1 Fabric Operating System | 2024-08-02 | 7.8 High |
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | ||||
CVE-2023-4163 | 1 Broadcom | 1 Fabric Operating System | 2024-08-02 | 4.4 Medium |
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | ||||
CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2024-08-02 | 8.6 High |
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. |