CVE-2024-5461: OS Command Injection in Fabric Operating System

Severity: 8.6 HIGH (NVD)
EPSS: 0.1% (top 68.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 15

Description

The implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as root.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: brocade/brocade_fabric_os, before 8.2.3e1_pha

Vulnerability Details (2)

CVEList (2025-02-15): Command or parameter injection via unique embedded switch SNMP commands.
GHSA (2025-02-15): GHSA-m4cp-qj9v-7wpc: Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script ca