CVE-2016-8202 - OpenCVE

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

OR	cpe:2.3:o:broadcom:fabric_operating_system::::::::
	cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/98332
http://www.securitytracker.com/id/1038401
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208

History

No history.

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2017-05-08T18:00:00

Updated: 2024-08-06T02:13:21.819Z

Reserved: 2016-09-13T00:00:00

Link: CVE-2016-8202

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-08T18:29:00.217

Modified: 2021-06-22T15:20:05.800

Link: CVE-2016-8202

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Fibre Channel SAN products running Brocade Fabric OS (FOS).", "vendor": "Brocade Communications Systems, Inc.", "versions": [{"status": "affected", "version": "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b"}]}], "datePublic": "2017-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-15T18:57:01", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"name": "1038401", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038401"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us"}, {"name": "98332", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98332"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2016-8202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fibre Channel SAN products running Brocade Fabric OS (FOS).", "version": {"version_data": [{"version_value": "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b"}]}}]}, "vendor_name": "Brocade Communications Systems, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation."}]}]}, "references": {"reference_data": [{"name": "1038401", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038401"}, {"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us"}, {"name": "98332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98332"}, {"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208", "refsource": "CONFIRM", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:13:21.819Z"}, "title": "CVE Program Container", "references": [{"name": "1038401", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038401"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us"}, {"name": "98332", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98332"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"}]}]}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2016-8202", "datePublished": "2017-05-08T18:00:00", "dateReserved": "2016-09-13T00:00:00", "dateUpdated": "2024-08-06T02:13:21.819Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F1B2095-2EAB-40F5-ABC1-3B592413A09F", "versionEndIncluding": "7.4.1c", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA532CBE-FCAF-4AE7-9A39-808864223E41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."}, {"lang": "es", "value": "Una vulnerabilidad de escalamiento de privilegios en los productos de Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) versiones anteriores a 7.4.1d y 8.0.1b, podr\u00eda permitir a un atacante autenticado elevar los privilegios de las cuentas de usuario que acceden al sistema por medio de la interfaz de l\u00ednea de comandos. En versiones afectadas, los usuarios no root pueden conseguir acceso root con una combinaci\u00f3n de comandos y par\u00e1metros de shell."}], "id": "CVE-2016-8202", "lastModified": "2021-06-22T15:20:05.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-08T18:29:00.217", "references": [{"source": "sirt@brocade.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98332"}, {"source": "sirt@brocade.com", "url": "http://www.securitytracker.com/id/1038401"}, {"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us"}, {"source": "sirt@brocade.com", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}