CVE-2022-33186: OS Command Injection in Fabric OS

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.9% (top 24.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 8; Latest update Dec 9

Description

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: brocade/brocade_fabric_os: Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions
NVD: broadcom/fabric_operating_system: 7.4.2j, 8.2.3c, 9.0.1e +2

Vulnerability Details (2)

GHSA: GHSA-3jfg-74jc-hjq4: A vulnerability in Brocade Fabric OS software v9 (2022-12-09)
CVEList: CVE-2022-33186: A vulnerability in Brocade Fabric OS software v9 (2022-12-08)