Broadcom Fabric Operating System vulnerabilities

79 known vulnerabilities affecting broadcom/fabric_operating_system.

Total CVEs: 79
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 37, MEDIUM 35

Vulnerabilities

Page 4 of 4
CVE-2018-6447 | MEDIUM | CVSS 5.4 | v2.1.2; v2.2; +53 more | 2020-09-25
CWE-79: A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
nvd
CVE-2020-15370 | MEDIUM | CVSS 6.5 | fixed in 7.4.2g | 2020-09-25
CWE-532: Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
nvd
CVE-2019-16203 | HIGH | CVSS 7.5 | ≥ 8.2.1, < 8.2.1d; ≥ 8.2.2, < 8.2.2a | 2020-02-05
CWE-532: Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
nvd
CVE-2019-16204 | HIGH | CVSS 7.5 | fixed in 7.4.2f; ≥ 8.1.2, < 8.1.2j; +2 more | 2020-02-05
CWE-532: Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
nvd
CVE-2018-6440 | CRITICAL | CVSS 9.1 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-12-03
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
nvd
CVE-2018-6439 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-12-03
A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6436 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6434 | HIGH | CVSS 7.5 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
CWE-384: A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
nvd
CVE-2018-6435 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6437 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6438 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
nvd
CVE-2018-6441 | HIGH | CVSS 7.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
nvd
CVE-2018-6442 | HIGH | CVSS 8.8 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
nvd
CVE-2018-6433 | MEDIUM | CVSS 5.5 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
CWE-20: A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
nvd
CVE-2017-6227 | MEDIUM | CVSS 6.5 | fixed in 7.4.2b; v8.0.0; +5 more | 2018-02-08
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
nvd
CVE-2017-6225 | MEDIUM | CVSS 6.1 | fixed in 7.4.2b; v8.0.2; +1 more | 2018-02-08
CWE-79: Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
nvd
CVE-2016-8202 | HIGH | CVSS 8.8 | ≤ 7.4.1c; v8.0.1 | 2017-05-08
CWE-264: A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combinati
nvd
CVE-2016-4376 | MEDIUM | CVSS 6.5 | ≤ 7.4.1; v8.0.0 | 2016-08-22
CWE-254: HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2004-1663 | MEDIUM | CVSS 5.0 | v2.1.2; v2.2; +1 more | 2004-09-04
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
nvd