CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33185
https://notcve.org/view.php?id=CVE-2022-33185
25 Oct 2022 — Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. Varios comandos en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v.9.0.1e, y v9.1.0, usan funciones de cadena no seguras para procesar la entrada del usuario. Los atacantes locales autenticados podrí... • https://security.netapp.com/advisory/ntap-20230127-0010 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27798 – privileged directory transversal.in Brocade Fabric OS versions 7.4.1.x and 7.3.x
https://notcve.org/view.php?id=CVE-2021-27798
05 Aug 2022 — A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report Una vulnerabilidad en Brocade Fabric OS versiones v7.4.1b y v7.3.1d, podría permitir a usuarios locales conducir un salto de directorio privilegiado. Brocade Fabric OS versiones v7.4.1.x y... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15388
https://notcve.org/view.php?id=CVE-2020-15388
18 Mar 2022 — A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. Una vulnerabilidad en Brocade Fabric OS antes de Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4 y v7.4.2h podría permitir a un usuario autenticado de la CLI abusar del comando history para escribir contenido arbitrario en archivos • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27789
https://notcve.org/view.php?id=CVE-2021-27789
18 Mar 2022 — The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. La aplicación web de Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.1a y v8.2.3a, contiene declaraciones de depuración que exponen información confidencial al disposi... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27797
https://notcve.org/view.php?id=CVE-2021-27797
21 Feb 2022 — Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. Brocade Fabric OS versiones anteriores a Brocade Fabric OS versiones v8.2.1c, v8.1.2h, y todas las versiones de Brocade Fabric OS v8.0.x y v7.x contienen credenciales documentadas embebidas, que podrían permitir a los atacantes conseguir acceso al sistema • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27796
https://notcve.org/view.php?id=CVE-2021-27796
21 Feb 2022 — A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries. Una vulnerabilidad en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v8.0.1b, v7.4.1d podría permitir a un atacante autenticado dentro del entorno de shell restringido (rbash) como cuenta "... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27790
https://notcve.org/view.php?id=CVE-2021-27790
12 Aug 2021 — The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account. El comando ipfilter en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v.9.0.1a, v8.2.3, y v8.2.0_CBN4, y v7.4.2h, usa una función de cadena no segura para procesar la entrada del... • https://security.netapp.com/advisory/ntap-20210819-0002 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27794
https://notcve.org/view.php?id=CVE-2021-27794
12 Aug 2021 — A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST. Una vulnerabilidad en el mecanismo de autenticación de las versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v.9.0.1a, v8.2.3a y v7.4.2h, podía permitir a un usuario iniciar sesión con una contraseña vacía y no válida mediante telnet, ssh y REST • https://security.netapp.com/advisory/ntap-20210819-0001 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27792
https://notcve.org/view.php?id=CVE-2021-27792
12 Aug 2021 — The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot. Las funciones de manejo de solicitudes en la interfaz de administración web de las versiones del sistema operativo Brocade Fabric anteriores a las versiones v9.0.1a, v8.2.3a y v7.4.2h no ma... • https://security.netapp.com/advisory/ntap-20210819-0002 •
CVSS: 7.4EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15387
https://notcve.org/view.php?id=CVE-2020-15387
09 Jun 2021 — The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Los servidores SSH del host de Brocade Fabric OS versiones anteriores a v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, y Brocade SANnav versiones anteriores a v2.1.1, utilizan claves de menos de 2048 bits, que pueden ser vulnerables a ataques de tipo man-in-the-mid... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291 • CWE-326: Inadequate Encryption Strength •