CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31432 – Privilege issues in multiple commands
https://notcve.org/view.php?id=CVE-2023-31432
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. Mediante la manipulación de contraseñas u otras variables, utilizando comandos como portcfgupload, configupload, license, myid, un usuario sin privilegios podría obtener privilegios de root en versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v9.1.1c y v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22385 • CWE-269: Improper Privilege Management •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31928 – XSS vulnerability in Brocade Webtools
https://notcve.org/view.php?id=CVE-2023-31928
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. Existe una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Brocade Webtools PortSetting.html de la versión de Brocade Fabric OS anterior a Brocade Fabric OS v9.2.0 que podría permitir a un atacante remoto no autenticado ejecutar código JavaScript arbitrario en la sesión de un usuario de destino con la aplicación Brocade Webtools. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31428 – CLI allows upload or transfer files of dangerous types
https://notcve.org/view.php?id=CVE-2023-31428
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. Brocade Fabric OS antes de Brocade Fabric OS v9.1.1c, v9.2.0 contiene una vulnerabilidad en la línea de comandos que podría permitir a un usuario local volcar archivos en el directorio raíz del usuario utilizando grep. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22380 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31430 – buffer overflow vulnerability in “secpolicydelete” command
https://notcve.org/view.php?id=CVE-2023-31430
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. Una vulnerabilidad de desbordamiento de búfer en el comando "secpolicydelete" en Brocade Fabric OS antes de Brocade Fabric OS v9.1.1c y v9.2.0 podría permitir a un usuario con privilegios autenticado bloquear el conmutador Brocade Fabric OS y provocar una denegación de servicio. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22381 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31431 – A buffer overflow vulnerability in “diagstatus” command
https://notcve.org/view.php?id=CVE-2023-31431
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. Una vulnerabilidad de desbordamiento de búfer en el comando "diagstatus" en Brocade Fabric OS antes de Brocade Fabric v9.2.0 y v9.1.1c podría permitir a un usuario autenticado bloquear el conmutador Brocade Fabric OS provocando una denegación de servicio. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22384 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •