Brocade Fabric Os vulnerabilities
30 known vulnerabilities affecting brocade/fabric_os.
Total CVEs
30
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH13MEDIUM13LOW3
Vulnerabilities
Page 1 of 2
CVE-2025-1976P1MEDIUMCVSS 6.7KEVvFabric OS versions 9.1.0 through 9.1.1d62025-04-24
CVE-2025-1976 [MEDIUM] CWE-94 CVE-2025-1976: Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
nvd
CVE-2023-3454P2CRITICALCVSS 9.8vafter v9.0 and before v9.2.02024-04-04
CVE-2023-3454 [CRITICAL] CWE-78 CVE-2023-3454: Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could al
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
nvd
CVE-2025-58382P3HIGHCVSS 7.2vbefore 9.2.1c2 and 9.2.2 through 9.2.2a2026-02-03
CVE-2025-58382 [HIGH] CWE-305 CVE-2025-58382: A vulnerability in the secure configuration of authentication and management services in Brocade Fa
A vulnerability in the secure configuration of authentication and
management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could
allow an authenticated, remote attacker with administrative credentials
to execute arbitrary commands as root using “supportsave”,
“seccertmgmt”, “configupload” command.
nvd
CVE-2024-5460P3HIGHCVSS 8.1vprior to v9.0.02024-06-26
CVE-2024-5460 [HIGH] CWE-798 CVE-2024-5460: A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) featu
A vulnerability in the default configuration of the Simple Network
Management Protocol (SNMP) feature of Brocade Fabric OS versions before
v9.0.0 could allow an authenticated, remote attacker to read data from
an affected device via SNMP. The vulnerability is due to hard-coded,
default community string in the configuration file for the SNMP daemon.
An at
nvd
CVE-2025-58383P3HIGHCVSS 7.2vbefore 9.2.1c22026-02-03
CVE-2025-58383 [HIGH] CWE-250 CVE-2025-58383: A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.
nvd
CVE-2024-10403P3HIGHCVSS 7.5vBrocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a2024-11-21
CVE-2024-10403 [HIGH] CWE-528 CVE-2024-10403: Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a
Brocade Fabric OS versions before
8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can
capture the SFTP/FTP server password used for a firmware download
operation initiated by SANnav or through WebEM in a weblinker core dump
that is later captured via supportsave.
nvd
CVE-2024-7517P3HIGHCVSS 7.8vBrocade Fabric OS versions before 9.2.0c, and 9.2.1 through 9.2.1a2024-11-21
CVE-2024-7517 [HIGH] CWE-78 CVE-2024-7517: A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command.
This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and
nvd
CVE-2026-0383P3HIGHCVSS 7.8vbefore 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.02026-02-03
CVE-2026-0383 [HIGH] CWE-78 CVE-2026-0383: A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
nvd
CVE-2025-9711P3HIGHCVSS 7.8vbefore 9.2.1c3, and 9.2.2 though 9.2.2b2026-02-03
CVE-2025-9711 [HIGH] CWE-272 CVE-2025-9711: A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the loca
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.
nvd
CVE-2023-31425P3HIGHCVSS 7.8vafter Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.12023-08-01
CVE-2023-31425 [HIGH] CWE-78 CVE-2023-31425: A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, befo
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
nvd
CVE-2023-31432P3HIGHCVSS 7.8vbefore Brocade Fabric OS v9.1.1c and v9.2.02023-08-02
CVE-2023-31432 [HIGH] CWE-269 CVE-2023-31432: Through manipulation of passwords or other variables, using commands such as portcfgupload, configup
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
nvd
CVE-2023-3489P3HIGHCVSS 7.5vBrocade Fabric OS v9.2.02023-08-31
CVE-2023-3489 [HIGH] CWE-312 CVE-2023-3489: The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server passwor
The
firmwaredownload command on Brocade Fabric OS v9.2.0 could log the
FTP/SFTP/SCP server password in clear text in the SupportSave file when
performing a downgrade from Fabric OS v9.2.0 to any earlier version of
Fabric OS.
nvd
CVE-2023-31427P3HIGHCVSS 7.8vafter 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c2023-08-01
CVE-2023-31427 [HIGH] CWE-22 CVE-2023-31427: Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
nvd
CVE-2023-31926P4HIGHCVSS 7.1vbefore Brocade Fabric OS v9.1.1c and v9.2.02023-08-02
CVE-2023-31926 [HIGH] CWE-281 CVE-2023-31926: System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
nvd
CVE-2024-7516P4HIGHCVSS 7.1vbefore 9.2.22024-11-12
CVE-2024-7516 [HIGH] CWE-322 CVE-2024-7516: A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers t
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.
nvd
CVE-2023-31429P4MEDIUMCVSS 5.5vbefore Brocade Fabric OS v9.1.1c, v9.2.02023-08-01
CVE-2023-31429 [MEDIUM] CWE-209 CVE-2023-31429: Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the term
nvd
CVE-2023-31927P4MEDIUMCVSS 5.3vbefore Brocade Fabric OS v9.2.0 and v9.1.1c2023-08-02
CVE-2023-31927 [MEDIUM] CWE-200 CVE-2023-31927: An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric O
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.
nvd
CVE-2017-6225P4MEDIUMCVSS 6.1v8.0.1b1v8.0.2b1+1 more2018-02-08
CVE-2017-6225 [MEDIUM] CWE-79 CVE-2017-6225: Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Chan
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
nvd
CVE-2023-31928P4MEDIUMCVSS 6.1vbefore Brocade Fabric OS v9.2.02023-08-02
CVE-2023-31928 [MEDIUM] CWE-79 CVE-2023-31928: A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
nvd
CVE-2025-58379P4MEDIUMCVSS 5.5vbefore 9.2.12026-02-03
CVE-2025-58379 [MEDIUM] CWE-250 CVE-2025-58379: Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker t
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.
nvd
1 / 2Next →