CVE-2023-3489 — Cleartext Storage of Sensitive Info in Fabric OS

CWE-312 — Cleartext Storage of Sensitive Info CWE-820 — Missing Synchronization6 documents6 sources

Severity

7.5HIGHNVD

CNA8.6

EPSS

0.1%

top 75.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Brocade Fabric OS Broadcom Fabric Operating System

Timeline

PublishedAug 31

Latest updateDec 30

Description

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5brocade/fabric_osBrocade Fabric OS v9.2.0

▶NVDbroadcom/fabric_operating_system9.2.0

🔴Vulnerability Details

OSV

net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().↗2025-12-30

▶

GHSA

GHSA-qw3m-jfhw-49pg: The firmwaredownload command on Brocade Fabric OS v9↗2023-08-31

▶

CVEList

firmwaredownload command could log servers passwords in clear text↗2023-08-30

▶

📋Vendor Advisories

Red Hat

kernel: net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()↗2025-12-30

▶