CVE-2023-4163 – Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-4163
31 Aug 2023 — In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. • https://security.netapp.com/advisory/ntap-20231130-0001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-31427 – Knowledge of full path name
https://notcve.org/view.php?id=CVE-2023-31427
01 Aug 2023 — Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-31426 – scp, sftp, ftp servers passwords in supportsave
https://notcve.org/view.php?id=CVE-2023-31426
01 Aug 2023 — The Brocade Fabric OS commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, and ftp server passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-31429 – Multiple commands print sensitive information in the terminal
https://notcve.org/view.php?id=CVE-2023-31429
01 Aug 2023 — Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in various commands, such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable, that can cause the content of shell-interpreted variables to be printed in the terminal. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-33186
https://notcve.org/view.php?id=CVE-2022-33186
08 Dec 2022 — A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute, on a Brocade Fabric OS switch, commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2121 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33182
https://notcve.org/view.php?id=CVE-2022-33182
25 Oct 2022 — A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate their privileges to root using the switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. • https://security.netapp.com/advisory/ntap-20230127-0007
CVE-2022-33178
https://notcve.org/view.php?id=CVE-2022-33178
25 Oct 2022 — A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. • https://security.netapp.com/advisory/ntap-20230127-0003 • CWE-20: Improper Input Validation
CVE-2022-33181
https://notcve.org/view.php?id=CVE-2022-33181
25 Oct 2022 — An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using the switch commands “configshow” and “supportlink”. • https://security.netapp.com/advisory/ntap-20230127-0006
CVE-2022-28170
https://notcve.org/view.php?id=CVE-2022-28170
25 Oct 2022 — Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in debug statements. This could allow a local user to extract the passwords from a debug file. • https://security.netapp.com/advisory/ntap-20230127-0002 • CWE-922: Insecure Storage of Sensitive Information
CVE-2022-33180
https://notcve.org/view.php?id=CVE-2022-33180
25 Oct 2022 — A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg” and “configupload”. • https://security.netapp.com/advisory/ntap-20230127-0005