CVE-2023-31427 — Path Traversal in Fabric Operating System

CWE-22 — Path Traversal3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 85.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedAug 1

Latest updateAug 2

Description

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5brocade/fabric_osafter 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c

▶NVDbroadcom/fabric_operating_system< 9.1.1c

🔴Vulnerability Details

GHSA

GHSA-fhpg-j54r-7h8v: Brocade Fabric OS versions before Brocade Fabric OS v9↗2023-08-02

▶

CVEList

Knowledge of full path name↗2023-08-01

▶