
CVE-2024-3596 – RADIUS Protocol under RFC 2865 is vulnerable to forgery attacks.
https://notcve.org/view.php?id=CVE-2024-3596
09 Jul 2024 — RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature. • https://github.com/alperenugurlu/CVE-2024-3596-Detector • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-328: Use of Weak Hash; CWE-354: Improper Validation of Integrity Check Value; CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVE-2023-3454 – Brocade Fabric OS Remote Code Execution / Information Disclosure
https://notcve.org/view.php?id=CVE-2023-3454
04 Apr 2024 — A remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not... • https://packetstorm.news/files/id/190177 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-27795 – License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
https://notcve.org/view.php?id=CVE-2021-27795
06 Dec 2023 — Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format, contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2023-31926 – Arbitrary File Overwrite using less command
https://notcve.org/view.php?id=CVE-2023-31926
02 Aug 2023 — System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-281: Improper Preservation of Permissions; CWE-665: Improper Initialization

CVE-2023-31927 – An information disclosure in the web interface of Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-31927
02 Aug 2023 — An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c could allow a remote unauthenticated attacker to get technical details about the web interface. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-31432 – Privilege issues in multiple commands
https://notcve.org/view.php?id=CVE-2023-31432
01 Aug 2023 — Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-269: Improper Privilege Management

CVE-2023-31928 – XSS vulnerability in Brocade Webtools
https://notcve.org/view.php?id=CVE-2023-31928
01 Aug 2023 — A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31428 – CLI allows upload or transfer files of dangerous types
https://notcve.org/view.php?id=CVE-2023-31428
01 Aug 2023 — Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under the user's home directory using grep. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-31430 – buffer overflow vulnerability in “secpolicydelete” command
https://notcve.org/view.php?id=CVE-2023-31430
01 Aug 2023 — A buffer overflow vulnerability in the “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch, leading to a denial of service. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-31431 – A buffer overflow vulnerability in “diagstatus” command
https://notcve.org/view.php?id=CVE-2023-31431
01 Aug 2023 — A buffer overflow vulnerability in the “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch, leading to a denial of service. • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')