Broadcom Fabric Operating System vulnerabilities
79 known vulnerabilities affecting broadcom/fabric_operating_system.
Total CVEs: 79
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 38, MEDIUM 31, LOW 3
Vulnerabilities
Page 3 of 4
CVE-2018-6441 | P3 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
nvd
CVE-2018-6437 | P3 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2021-27792 | P3 | HIGH | CVSS 7.8 | fixed in 7.4.2h; ≥ 8.0.0, < 8.2.3a; +1 more | 2021-08-12
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
nvd
CVE-2020-15388 | P3 | MEDIUM | CVSS 6.5 | fixed in 7.4.2h; ≥ 9.0.0, < 9.0.1a; +3 more | 2022-03-18
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
nvd
CVE-2020-15383 | P3 | HIGH | CVSS 7.5 | fixed in 8.2.1; v8.2.1; +7 more | 2021-06-09
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
nvd
CVE-2021-27796 | P3 | MEDIUM | CVSS 6.5 | fixed in 7.4.1d; ≥ 8.0.0, < 8.0.1b | 2022-02-21
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
nvd
CVE-2023-31426 | P3 | MEDIUM | CVSS 6.5 | CWE-532 | fixed in 8.2.3d; ≥ 9.0.0, < 9.1.1c | 2023-08-01
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
nvd
CVE-2020-15387 | P3 | HIGH | CVSS 7.4 | CWE-326 | fixed in 7.4.2; ≥ 8.2.0, < 8.2.1; +10 more | 2021-06-09
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
nvd
CVE-2020-15370 | P3 | MEDIUM | CVSS 6.5 | CWE-532 | fixed in 7.4.2g | 2020-09-25
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
nvd
CVE-2021-27791 | P4 | MEDIUM | CVSS 5.4 | CWE-125 | ≥ 8.2.1, < 8.2.3a; ≥ 9.0.0, < 9.0.1a | 2021-08-12
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, whi
nvd
CVE-2021-27789 | P4 | MEDIUM | CVSS 6.5 | fixed in 8.2.3a; ≥ 9.0.0, < 9.0.1a | 2022-03-18
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
nvd
CVE-2018-6449 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 9.0.0 | 2020-09-25
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers.
nvd
CVE-2020-15375 | P4 | MEDIUM | CVSS 6.7 | CWE-20 | fixed in 7.4.2g; ≥ 8.0.0, < 8.1.2k; +3 more | 2020-12-11
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
nvd
CVE-2024-7516 | P4 | HIGH | CVSS 7.1 | CWE-322 | fixed in 9.2.2 | 2024-11-12
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.
nvd
CVE-2016-4376 | P4 | MEDIUM | CVSS 6.5 | CWE-254 | ≤ 7.4.1; v8.0.0 | 2016-08-22
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2023-31429 | P4 | MEDIUM | CVSS 5.5 | CWE-209 | fixed in 9.1.1c | 2023-08-01
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the term
nvd
CVE-2017-6225 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 7.4.2b; v8.0.2; +1 more | 2018-02-08
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
nvd
CVE-2022-28170 | P4 | MEDIUM | CVSS 6.5 | CWE-922 | fixed in 7.4.2j; ≥ 8.0.0, < 8.2.3c; +2 more | 2022-10-25
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
nvd
CVE-2021-27793 | P4 | MEDIUM | CVSS 5.3 | CWE-863 | ≥ 8.2.0, < 8.2.3; ≥ 9.0.0, < 9.0.1; +3 more | 2021-08-12
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
nvd
CVE-2025-58379 | P4 | MEDIUM | CVSS 5.5 | CWE-250 | fixed in 9.2.1 | 2026-02-03
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.
nvd