Broadcom Fabric Operating System vulnerabilities
79 known vulnerabilities affecting broadcom/fabric_operating_system.
Total CVEs: 79
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 37, MEDIUM 35
Vulnerabilities
Page 2 of 4
CVE-2023-3489 | HIGH | CVSS 7.5 | CWE-312 | v9.2.0 | 2023-08-31
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
nvd
CVE-2023-4162 | MEDIUM | CVSS 4.4 | CWE-252 | ≥ 9.0.1a, < 9.2.0a | 2023-08-31
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated, privileged local user to crash a Brocade Fabric OS switch using the CLI “passwdcfg --set -expire -minDiff”.
nvd
CVE-2023-4163 | MEDIUM | CVSS 4.4 | CWE-120 | fixed in 9.2.0a | 2023-08-31
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
nvd
CVE-2023-31427 | HIGH | CVSS 7.8 | CWE-22 | fixed in 9.1.1c | 2023-08-01
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
nvd
CVE-2023-31425 | HIGH | CVSS 7.8 | CWE-78 | v9.1.0 | 2023-08-01
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
nvd
CVE-2023-31429 | MEDIUM | CVSS 5.5 | CWE-209 | fixed in 9.1.1c | 2023-08-01
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the term
nvd
CVE-2023-31426 | MEDIUM | CVSS 6.5 | CWE-532 | fixed in 8.2.3d; ≥ 9.0.0, < 9.1.1c | 2023-08-01
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
nvd
CVE-2022-33186 | CRITICAL | CVSS 9.8 | CWE-78 | v7.4.2j, v8.2.3c, +1 more | 2022-12-08
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.
nvd
CVE-2022-33183 | HIGH | CVSS 8.8 | CWE-787 | fixed in 7.4.2.j; ≥ 8.0.0, < 8.2.3c; +1 more | 2022-10-25
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands.
nvd
CVE-2022-33185 | HIGH | CVSS 7.8 | CWE-787 | fixed in 9.0.1e | 2022-10-25
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
nvd
CVE-2022-33178 | HIGH | CVSS 7.2 | CWE-20 | fixed in 9.0.0 | 2022-10-25
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
nvd
CVE-2022-28169 | HIGH | CVSS 8.8 | CWE-269 | ≥ 8.0.0, < 8.2.3c; ≥ 9.0.0, < 9.0.1e; +1 more | 2022-10-25
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admi
nvd
CVE-2022-33179 | HIGH | CVSS 8.8 | fixed in 7.4.2j; ≥ 8.0.0, < 8.2.3c; +2 more | 2022-10-25
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
nvd
CVE-2022-33182 | HIGH | CVSS 7.8 | CWE-276 | ≥ 8.0.0, < 8.2.3c; ≥ 9.0.0, < 9.0.1e | 2022-10-25
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”.
nvd
CVE-2022-33184 | HIGH | CVSS 7.8 | CWE-787 | fixed in 7.4.2.j; ≥ 8.0.0, < 8.2.3c; +1 more | 2022-10-25
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
nvd
CVE-2022-33181 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 7.4.2.j; ≥ 8.0.0, < 8.2.3c; +2 more | 2022-10-25
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
nvd
CVE-2022-28170 | MEDIUM | CVSS 6.5 | CWE-922 | fixed in 7.4.2j; ≥ 8.0.0, < 8.2.3c; +2 more | 2022-10-25
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
nvd
CVE-2022-33180 | MEDIUM | CVSS 5.5 | ≥ 8.0.0, < 8.2.3c; ≥ 9.0.0, < 9.0.1e; +1 more | 2022-10-25
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.
nvd
CVE-2021-27798 | MEDIUM | CVSS 5.5 | CWE-22 | v7.3.1d, v7.4.1b | 2022-08-05
A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report.
nvd
CVE-2020-15388 | MEDIUM | CVSS 6.5 | fixed in 7.4.2h; ≥ 9.0.0, < 9.0.1a; +3 more | 2022-03-18
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
nvd