Broadcom Brocade Fabric Operating System vulnerabilities

7 known vulnerabilities affecting broadcom/brocade_fabric_operating_system.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2023-31432HIGHCVSS 7.8fixed in 9.1.1c2023-08-02
CVE-2023-31432 [HIGH] CWE-269 CVE-2023-31432: Through manipulation of passwords or other variables, using commands such as portcfgupload, configup Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
nvd
CVE-2023-31926HIGHCVSS 7.1fixed in 9.1.1c2023-08-02
CVE-2023-31926 [HIGH] CWE-281 CVE-2023-31926: System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
nvd
CVE-2023-31428MEDIUMCVSS 5.5fixed in 9.1.1cv9.2.02023-08-02
CVE-2023-31428 [MEDIUM] CWE-434 CVE-2023-31428: Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command l Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.
nvd
CVE-2023-31430MEDIUMCVSS 5.5fixed in 9.1.1cv9.2.02023-08-02
CVE-2023-31430 [MEDIUM] CWE-120 CVE-2023-31430: A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fab A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.
nvd
CVE-2023-31927MEDIUMCVSS 5.3fixed in 9.1.1c2023-08-02
CVE-2023-31927 [MEDIUM] CWE-200 CVE-2023-31927: An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric O An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.
nvd
CVE-2023-31431MEDIUMCVSS 5.5fixed in 9.1.1cv9.2.02023-08-02
CVE-2023-31431 [MEDIUM] CWE-120 CVE-2023-31431: A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.
nvd
CVE-2023-31928MEDIUMCVSS 6.1fixed in 9.2.02023-08-02
CVE-2023-31928 [MEDIUM] CWE-79 CVE-2023-31928: A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
nvd