CVE-2023-31429: Information Exposure via Error Message in Fabric Operating System

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 65.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 1

Description

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability in which various commands, such as “chassisdistribute”, “reboot”, “rasman”, “errmoduleshow”, “errfilterset”, “hassiscfgperrthreshold”, “supportshowcfgdisable” and “supportshowcfgenable”, can cause the content of shell-interpreted variables to be printed in the terminal.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5: brocade/fabric_os, before Brocade Fabric OS v9.1.1c, v9.2.0

Vulnerability Details (2)

CVEList: Multiple commands print sensitive information in the terminal (2023-08-01)
GHSA: GHSA-pp8w-q3c5-5qcp: Brocade Fabric OS before Brocade Fabric OS v9 (2023-08-01)
CVE-2023-31429 — Information Exposure via Error Message | cvebase