CVE-2023-31432 — Improper Privilege Management in Brocade Fabric Operating System

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 86.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brocade Fabric Operating System Brocade Fabric OS

Timeline

PublishedAug 2

Description

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDbroadcom/brocade_fabric_operating_system< 9.1.1c

▶CVEListV5brocade/fabric_osbefore Brocade Fabric OS v9.1.1c and v9.2.0

🔴Vulnerability Details

GHSA

GHSA-w5cc-3g2v-73pr: Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could o↗2023-08-02

▶

CVEList

Privilege issues in multiple commands↗2023-08-01

▶