Brocade Fabric Os vulnerabilities

CVE-2023-31926 [HIGH] CWE-281 CVE-2023-31926: System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.

CVE-2023-31428 [MEDIUM] CWE-434 CVE-2023-31428: Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command l Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.

CVE-2023-31927 [MEDIUM] CWE-200 CVE-2023-31927: An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric O An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.

CVE-2023-31431 [MEDIUM] CWE-120 CVE-2023-31431: A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.

CVE-2023-31928 [MEDIUM] CWE-79 CVE-2023-31928: A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.

CVE-2023-31425 [HIGH] CWE-78 CVE-2023-31425: A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, befo A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVE-2023-31427 [HIGH] CWE-22 CVE-2023-31427: Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVE-2023-31429 [MEDIUM] CWE-209 CVE-2023-31429: Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the term

CVE-2017-6227 [MEDIUM] CVE-2017-6227: A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (F A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.

CVE-2017-6225 [MEDIUM] CWE-79 CVE-2017-6225: Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Chan Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.