CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33184
https://notcve.org/view.php?id=CVE-2022-33184
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. Una vulnerabilidad en las bibliotecas fab_seg.c.h de todas las versiones de Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j, podría permitir a atacantes locales autenticados explotar desbordamientos de búfer en la región stack de la memoria y ejecutar código arbitrario como cuenta de usuario root • https://security.netapp.com/advisory/ntap-20230127-0009 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2080 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33180
https://notcve.org/view.php?id=CVE-2022-33180
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, podría permitir a un atacante local autenticado exportar archivos confidenciales con "seccryptocfg", "configupload" • https://security.netapp.com/advisory/ntap-20230127-0005 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33185
https://notcve.org/view.php?id=CVE-2022-33185
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. Varios comandos en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v.9.0.1e, y v9.1.0, usan funciones de cadena no seguras para procesar la entrada del usuario. Los atacantes locales autenticados podrían abusar de estas vulnerabilidades para explotar los desbordamientos de búfer en la región stack de la memoria, permitiendo una ejecución de código arbitrario como la cuenta de usuario root • https://security.netapp.com/advisory/ntap-20230127-0010 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33179
https://notcve.org/view.php?id=CVE-2022-33179
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c y 7.4.2j, podría permitir a un usuario local autenticado salir de shells restringidos con "set context" y escalar privilegios • https://security.netapp.com/advisory/ntap-20230127-0004 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28169
https://notcve.org/view.php?id=CVE-2022-28169
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. Brocade Webtools en versiones de Brocade Fabric OS anteriores a v9.1.1, v9.0.1e y v8.2.3c podrían permitir que un usuario de webtools poco privilegiado obtuviera derechos de administrador elevados, o privilegios, más allá de lo previsto o autorizado para ese usuario. Al explotar esta vulnerabilidad, un usuario cuyo rol no es de administrador puede crear un nuevo usuario con rol de administrador usando el identificador de sesión del operador. • https://security.netapp.com/advisory/ntap-20230127-0001 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075 • CWE-269: Improper Privilege Management •