Broadcom Fabric Operating System vulnerabilities
79 known vulnerabilities affecting broadcom/fabric_operating_system.
Total CVEs: 79
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 38, MEDIUM 31, LOW 3
Vulnerabilities
Page 2 of 4
CVE-2022-33179 | P3 | HIGH | CVSS 8.8 | fixed in 7.4.2j; ≥ 8.0.0, < 8.2.3c; +2 more | 2022-10-25
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
nvd
CVE-2019-16203 | P3 | HIGH | CVSS 7.5 | CWE-532 | ≥ 8.2.1, < 8.2.1d; ≥ 8.2.2, < 8.2.2a | 2020-02-05
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
nvd
CVE-2026-0383 | P3 | HIGH | CVSS 7.8 | CWE-78 | fixed in 9.2.1c2; ≥ 9.2.2, < 9.2.2b; +1 more | 2026-02-03
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
nvd
CVE-2025-9711 | P3 | HIGH | CVSS 7.8 | CWE-272 | fixed in 9.2.1c3; ≥ 9.2.2, < 9.2.2c | 2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.
nvd
CVE-2021-27790 | P3 | HIGH | CVSS 7.8 | CWE-787 | fixed in 7.4.2h; ≥ 8.0.0, < 8.2.0_cbn4; +2 more | 2021-08-12
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
nvd
CVE-2021-27794 | P3 | HIGH | CVSS 7.8 | CWE-287 | fixed in 7.4.2h; ≥ 8.0.0, < 8.2.3a; +1 more | 2021-08-12
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, and with an invalid password, through telnet, ssh and REST.
nvd
CVE-2022-33185 | P3 | HIGH | CVSS 7.8 | CWE-787 | fixed in 9.0.1e | 2022-10-25
Several commands in Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
nvd
CVE-2022-33184 | P3 | HIGH | CVSS 7.8 | CWE-787 | fixed in 7.4.2.j; ≥ 8.0.0, < 8.2.3c; +1 more | 2022-10-25
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
nvd
CVE-2023-31425 | P3 | HIGH | CVSS 7.8 | CWE-78 | v9.1.0 | 2023-08-01
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
nvd
CVE-2023-3489 | P3 | HIGH | CVSS 7.5 | CWE-312 | v9.2.0 | 2023-08-31
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
nvd
CVE-2024-5462 | P3 | HIGH | CVSS 7.5 | CWE-319 | fixed in 9.2.0 | 2025-02-15
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fet
nvd
CVE-2018-6448 | P3 | HIGH | CVSS 7.5 | fixed in 9.0.0 | 2020-09-25
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
nvd
CVE-2023-31427 | P3 | HIGH | CVSS 7.8 | CWE-22 | fixed in 9.1.1c | 2023-08-01
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
nvd
CVE-2019-16204 | P3 | HIGH | CVSS 7.5 | CWE-532 | fixed in 7.4.2f; ≥ 8.1.2, < 8.1.2j; +2 more | 2020-02-05
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
nvd
CVE-2018-6436 | P3 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6435 | P3 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6438 | P3 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6439 | P3 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-12-03
A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2022-33182 | P3 | HIGH | CVSS 7.8 | CWE-276 | ≥ 8.0.0, < 8.2.3c; ≥ 9.0.0, < 9.0.1e | 2022-10-25
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 8.2.0cbn5 could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”.
nvd
CVE-2018-6434 | P3 | HIGH | CVSS 7.5 | CWE-384 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
nvd