CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2021-27795 – License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
https://notcve.org/view.php?id=CVE-2021-27795
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versión del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptográficos que podrían permitir la instalación de claves de licencia falsificadas o fraudulentas. Esto permitiría a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticaría y activaría como si fuera una clave de licencia legítima. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31926 – Arbitrary File Overwrite using less command
https://notcve.org/view.php?id=CVE-2023-31926
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22388 • CWE-281: Improper Preservation of Permissions CWE-665: Improper Initialization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31927 – An information disclosure in the web interface of Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-31927
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22389 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31432 – Privilege issues in multiple commands
https://notcve.org/view.php?id=CVE-2023-31432
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. Mediante la manipulación de contraseñas u otras variables, utilizando comandos como portcfgupload, configupload, license, myid, un usuario sin privilegios podría obtener privilegios de root en versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v9.1.1c y v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22385 • CWE-269: Improper Privilege Management •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31928 – XSS vulnerability in Brocade Webtools
https://notcve.org/view.php?id=CVE-2023-31928
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. Existe una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Brocade Webtools PortSetting.html de la versión de Brocade Fabric OS anterior a Brocade Fabric OS v9.2.0 que podría permitir a un atacante remoto no autenticado ejecutar código JavaScript arbitrario en la sesión de un usuario de destino con la aplicación Brocade Webtools. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •