CVE-2023-31926 – Arbitrary File Overwrite using less command
https://notcve.org/view.php?id=CVE-2023-31926
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22388 • CWE-281: Improper Preservation of Permissions CWE-665: Improper Initialization •
CVE-2023-31927 – An information disclosure in the web interface of Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-31927
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c could allow a remote unauthenticated attacker to get technical details about the web interface. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22389 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-31432 – Privilege issues in multiple commands
https://notcve.org/view.php?id=CVE-2023-31432
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22385 • CWE-269: Improper Privilege Management •
CVE-2023-31928 – XSS vulnerability in Brocade Webtools
https://notcve.org/view.php?id=CVE-2023-31928
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-31428 – CLI allows upload or transfer files of dangerous types
https://notcve.org/view.php?id=CVE-2023-31428
Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under the user's home directory using grep. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22380 • CWE-434: Unrestricted Upload of File with Dangerous Type •