Broadcom Fabric Operating System vulnerabilities
79 known vulnerabilities affecting broadcom/fabric_operating_system.
Total CVEs: 79
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 38, MEDIUM 31, LOW 3
Vulnerabilities
Page 4 of 4
CVE-2024-29954 | P4 | MEDIUM | CVSS 5.5 | CWE-312 | fixed in 8.2.3e; ≥ 9.0.1, < 9.1.1d; +1 more | 2024-06-26
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.
Detail.
When the firmwaredownload command is incorrectly entered or points to an er
nvd
CVE-2017-6227 | P4 | MEDIUM | CVSS 6.5 | fixed in 7.4.2b; v8.0.0; +5 more | 2018-02-08
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
nvd
CVE-2020-15386 | P4 | MEDIUM | CVSS 5.3 | v8.2.3; v9.0.0a; +2 more | 2021-06-09
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
nvd
CVE-2018-6447 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v2.1.2; v2.2; +53 more | 2020-09-25
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
nvd
CVE-2021-27798 | P4 | MEDIUM | CVSS 5.5 | CWE-22 | v7.3.1d; v7.4.1b | 2022-08-05
A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS users should upgrade to supported versions as described in the Product End-of-Life published report.
nvd
CVE-2018-6433 | P4 | MEDIUM | CVSS 5.5 | CWE-20 | ≥ 7.4.2, < 7.4.2d; ≥ 8.0.2, < 8.0.2f; +2 more | 2018-11-08
A vulnerability in the seccryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
nvd
CVE-2020-15372 | P4 | MEDIUM | CVSS 5.5 | CWE-913 | fixed in 7.4.2g; ≥ 8.0.0, < 8.1.2k; +4 more | 2020-09-25
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
nvd
CVE-2022-33181 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 7.4.2.j; ≥ 8.0.0, < 8.2.3c; +2 more | 2022-10-25
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
nvd
CVE-2025-4663 | P4 | MEDIUM | CVSS 4.9 | CWE-754 | ≥ 9.0.0, ≤ 9.2.1b; v9.2.2 | 2025-07-08
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated
nvd
CVE-2022-33180 | P4 | MEDIUM | CVSS 5.5 | ≥ 8.0.0, < 8.2.3c; ≥ 9.0.0, < 9.0.1e; +1 more | 2022-10-25
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg” and “configupload”.
nvd
CVE-2020-15376 | P4 | MEDIUM | CVSS 4.3 | ≥ 8.1.0, < 9.0.0 | 2020-12-11
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
nvd
CVE-2023-5973 | P4 | MEDIUM | CVSS 4.3 | CWE-346 | ≥ 9.0.0, < 9.2.0 | 2024-04-05
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.
nvd
CVE-2024-29953 | P4 | MEDIUM | CVSS 4.3 | CWE-922 | ≥ 9.0.0, < 9.1.1d; ≥ 9.2.0, < 9.2.0b | 2024-06-26
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms.
This could allow an authenticated user to view other users' session encoded passwords.
nvd
CVE-2004-1663 | P4 | MEDIUM | CVSS 5.0 | v2.1.2; v2.2; +1 more | 2004-09-04
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
nvd
CVE-2023-4163 | P4 | MEDIUM | CVSS 4.4 | CWE-120 | fixed in 9.2.0a | 2023-08-31
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
nvd
CVE-2023-4162 | P4 | MEDIUM | CVSS 4.4 | CWE-252 | ≥ 9.0.1a, < 9.2.0a | 2023-08-31
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated, privileged local user to crash a Brocade Fabric OS switch using the CLI “passwdcfg --set -expire -minDiff”.
nvd
CVE-2025-58381 | P4 | LOW | CVSS 2.3 | CWE-35 | fixed in 9.2.1c2; ≥ 9.2.2, < 9.2.2b | 2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories.
nvd
CVE-2025-58380 | P4 | LOW | CVSS 2.3 | CWE-35 | fixed in 9.2.1 | 2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.
nvd
CVE-2025-4661 | P4 | LOW | CVSS 2.3 | CWE-22 | ≥ 9.1.0, ≤ 9.2.2 | 2025-06-19
A path traversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory, potentially leading to the disclosure of sensitive information.
Note: Admin level privilege is required on the switch in order to exploit
nvd