CVE-2016-8202 — Improper Privilege Management in Fabric Operating System

CWE-2643 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.7%

top 17.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Communications Systems INC Fibre Channel SAN Products Running Brocade Fabric OS

Timeline

PublishedMay 8

Latest updateMay 13

Description

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5brocade_communications_systems_inc/fibre_channel_san_products_running_brocade_fabric_osFabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b

▶NVDbroadcom/fabric_operating_system7.4.1c+1

🔴Vulnerability Details

GHSA

GHSA-wq4q-gffr-mpf3: A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7↗2022-05-13

▶

CVEList

CVE-2016-8202: A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7↗2017-05-08

▶