CVE-2023-3454: OS Command Injection in Fabric Operating System

Severity
NVD: 9.8 CRITICAL
CNA: 8.6
EPSS: 4.9% (top 10.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 4

Description

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: brocade/fabric_os, after v9.0 and before v9.2.0
NVD: broadcom/fabric_operating_system, 9.0.0 - 9.1.1d1

Vulnerability Details (2)

CVEList: CVE-2023-3454: Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9 (2024-04-04)
GHSA: GHSA-9243-vfr2-5rcw: Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9 (2024-04-04)
CVE-2023-3454 — OS Command Injection | cvebase