Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33184 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 7.8 HIGH |
| A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | |||||
| CVE-2022-33180 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 5.5 MEDIUM |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. | |||||
| CVE-2022-33179 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 8.8 HIGH |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | |||||
| CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 7.2 HIGH |
| A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | |||||
| CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 6.5 MEDIUM |
| Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | |||||
| CVE-2022-28169 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 8.8 HIGH |
| Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. | |||||
| CVE-2022-33185 | 1 Broadcom | 1 Fabric Operating System | 2023-02-28 | N/A | 7.8 HIGH |
| Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | |||||
| CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2023-02-28 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. | |||||
| CVE-2021-27791 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process. | |||||
| CVE-2021-27792 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot. | |||||
| CVE-2020-15388 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. | |||||
| CVE-2020-15383 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. | |||||
| CVE-2020-15386 | 1 Broadcom | 1 Fabric Operating System | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. | |||||
| CVE-2021-27790 | 1 Broadcom | 1 Fabric Operating System | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account. | |||||
| CVE-2021-27789 | 1 Broadcom | 1 Fabric Operating System | 2022-03-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. | |||||
| CVE-2021-27796 | 1 Broadcom | 1 Fabric Operating System | 2022-03-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries. | |||||
| CVE-2021-27797 | 1 Broadcom | 1 Fabric Operating System | 2022-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. | |||||
| CVE-2019-16204 | 1 Broadcom | 1 Fabric Operating System | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | |||||
| CVE-2019-16203 | 1 Broadcom | 1 Fabric Operating System | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | |||||
| CVE-2020-15376 | 1 Broadcom | 1 Fabric Operating System | 2021-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. | |||||