CVE-2024-7516Key Exchange without Entity Authentication in Fabric Operating System

CWE-322Key Exchange without Entity AuthenticationCWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.2%
top 56.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Fabric Operating SystemBrocade Fabric OS
Timeline
PublishedNov 12

Description

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:H/SI:N/SA:N

Affected Packages2 packages

CVEListV5brocade/fabric_osbefore 9.2.2

🔴Vulnerability Details

2
GHSA
GHSA-q7j7-7r72-9h66: A vulnerability in Brocade Fabric OS versions before 92024-11-12
CVEList
Brocade Fabric OS before 9.2.2 does not enforce strict host key checking2024-11-12
CVE-2024-7516 — Fabric Operating System vulnerability | cvebase