Brocade Fabric Os vulnerabilities

CVE-2024-5461 [HIGH] CWE-78 CVE-2024-5461: Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC50 Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. Th

CVE-2024-5462 [MEDIUM] CWE-319 CVE-2024-5462: If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passw If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to f

CVE-2023-4163 [MEDIUM] CWE-120 CVE-2023-4163: In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer ov In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.

CVE-2023-31430 [MEDIUM] CWE-120 CVE-2023-31430: A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fab A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.

CVE-2023-31426 [MEDIUM] CWE-532 CVE-2023-31426: The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1. The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

CVE-2022-33186 [CRITICAL] CVE-2022-33186: A vulnerability in Brocade Fabric OS software v9 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.

CVE-2022-33184 [HIGH] CVE-2022-33184: A vulnerability in fab_seg A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.

CVE-2022-33179 [HIGH] CVE-2022-33179: A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.

CVE-2022-33185 [HIGH] CVE-2022-33185: Several commands in Brocade Fabric OS before Brocade Fabric OS v Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.

CVE-2022-33178 [HIGH] CVE-2022-33178: A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9 A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

CVE-2022-33183 [HIGH] CVE-2022-33183: A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.

CVE-2022-33182 [HIGH] CVE-2022-33182: A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9 A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.

CVE-2022-28169 [HIGH] CVE-2022-28169: Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9 Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator

CVE-2022-28170 [MEDIUM] CVE-2022-28170: Brocade Fabric OS Web Application services before Brocade Fabric v9 Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

CVE-2022-33181 [MEDIUM] CVE-2022-33181: An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9 An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.

CVE-2022-33180 [MEDIUM] CVE-2022-33180: A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.

CVE-2021-27798 [MEDIUM] CWE-22 CVE-2021-27798: A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct p A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report.

CVE-2020-15388 [MEDIUM] CVE-2020-15388: A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9 A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.

CVE-2021-27789 [MEDIUM] CVE-2021-27789: The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9 The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.

CVE-2021-27797 [CRITICAL] CVE-2021-27797: Brocade Fabric OS before Brocade Fabric OS v8 Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.