Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:broadcom:fabric_operating_system:7.4.2h:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29954 |
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. Published: June 25, 2024; 8:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-27795 |
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. Published: December 05, 2023; 9:15:06 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-4163 |
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. Published: August 30, 2023; 9:15:09 PM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-31427 |
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. Published: August 01, 2023; 7:15:28 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-31426 |
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. Published: August 01, 2023; 6:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-31429 |
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. Published: August 01, 2023; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-33185 |
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. Published: October 25, 2022; 5:15:46 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-33179 |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Published: October 25, 2022; 5:15:46 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-33178 |
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Published: October 25, 2022; 5:15:46 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2022-28170 |
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. Published: October 25, 2022; 5:15:39 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2021-27789 |
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. Published: March 18, 2022; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2021-27797 |
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. Published: February 21, 2022; 1:15:08 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-15383 |
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. Published: June 09, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-6449 |
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers Published: September 25, 2020; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-6448 |
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. Published: September 25, 2020; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |