Broadcom Fabric Operating System vulnerabilities
79 known vulnerabilities affecting broadcom/fabric_operating_system.
Total CVEs: 79
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown
CRITICAL 7 | HIGH 38 | MEDIUM 31 | LOW 3
Vulnerabilities
Page 1 of 4
CVE-2025-1976 | P1 | MEDIUM | CVSS 6.7 | KEV | CWE-94 | ≥ 9.1.0, < 9.1.1d7 | 2025-04-24
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
nvd
CVE-2022-33186 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | v7.4.2j; v8.2.3c; +1 more | 2022-12-08
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.
nvd
CVE-2023-3454 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ 9.0.0, < 9.1.1d1 | 2024-04-04
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
nvd
CVE-2020-15373 | P2 | CRITICAL | CVSS 9.8 | CWE-119 | v8.2.1; v8.2.1a; +8 more | 2020-09-25
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
nvd
CVE-2016-8202 | P3 | HIGH | CVSS 8.8 | CWE-264 | ≤ 7.4.1c; v8.0.1 | 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combinati
nvd
CVE-2022-33183 | P3 | HIGH | CVSS 8.8 | CWE-787 | fixed in 7.4.2.j; ≥ 8.0.0, < 8.2.3c; +1 more | 2022-10-25
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.
nvd
CVE-2021-27797 | P3 | CRITICAL | CVSS 9.8 | CWE-798 | ≥ 7.0.0, ≤ 7.4.2h; ≥ 8.0.0, ≤ 8.0.2f; +2 more | 2022-02-21
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
nvd
CVE-2018-6442 | P3 | HIGH | CVSS 8.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
nvd
CVE-2025-58382 | P3 | HIGH | CVSS 7.2 | CWE-305 | fixed in 9.2.1c2; ≥ 9.2.2, < 9.2.2b | 2026-02-03
A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command.
nvd
CVE-2024-5460 | P3 | HIGH | CVSS 8.1 | CWE-798 | fixed in 9.0.0 | 2024-06-26
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An at
nvd
CVE-2025-58383 | P3 | HIGH | CVSS 7.2 | CWE-250 | fixed in 9.2.1c2; ≥ 9.2.2, < 9.2.2b | 2026-02-03
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.
nvd
CVE-2020-15369 | P3 | HIGH | CVSS 8.8 | CWE-521 | v8.2.1; v8.2.1a; +7 more | 2020-09-25
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
nvd
CVE-2022-28169 | P3 | HIGH | CVSS 8.8 | CWE-269 | ≥ 8.0.0, < 8.2.3c; ≥ 9.0.0, < 9.0.1e; +1 more | 2022-10-25
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admi
nvd
CVE-2020-15371 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v8.0.0; v8.0.1; +33 more | 2020-09-25
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability.
nvd
CVE-2018-6440 | P3 | CRITICAL | CVSS 9.1 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-12-03
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
nvd
CVE-2020-15374 | P3 | CRITICAL | CVSS 9.8 | v8.2.1; v8.2.1a; +8 more | 2020-09-25
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
nvd
CVE-2024-10403 | P3 | HIGH | CVSS 7.5 | CWE-528 | fixed in 9.2.0c1; ≥ 9.2.1, < 9.2.1a1 | 2024-11-21
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.
nvd
CVE-2022-33178 | P3 | HIGH | CVSS 7.2 | CWE-20 | fixed in 9.0.0 | 2022-10-25
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
nvd
CVE-2024-5461 | P3 | HIGH | CVSS 8.0 | CWE-78 | fixed in 8.2.3e1 | 2025-02-15
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. Thi
nvd
CVE-2024-7517 | P3 | HIGH | CVSS 7.8 | CWE-78 | ≤ 9.2.0c; ≥ 9.2.1, ≤ 9.2.1a | 2024-11-21
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command.
This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and
nvd