CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4162 – Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
https://notcve.org/view.php?id=CVE-2023-4162
31 Aug 2023 — A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“. Puede producirse un fallo de segmentación en Brocade Fabric OS después de Brocade Fabric OS v9.0 y antes de Brocade Fabric OS v9.2.0a a través del comando "passwdcfg". Esto podría permitir que un usuario privilegiado ... • https://security.netapp.com/advisory/ntap-20231124-0010 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4163 – Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-4163
31 Aug 2023 — In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. En Brocade Fabric OS antes de v9.2.0a, un usuario privilegiado autenticado localmente puede desencadenar una condición de desbordamiento de búfer, lo que lleva a un pánico del kernel con una gran entrada a los búferes en el comando portcfgfportbuffers. • https://security.netapp.com/advisory/ntap-20231130-0001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31427 – Knowledge of full path name
https://notcve.org/view.php?id=CVE-2023-31427
01 Aug 2023 — Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. Las versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v9.1.1c y v9.2.0 podrían permitir a un usuario local autenticado con conocimiento de los nombres de ruta completos dentro de Brocade Fabric OS ejecuta... • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31426 – scp, sftp, ftp servers passwords in supportsave
https://notcve.org/view.php?id=CVE-2023-31426
01 Aug 2023 — The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. Los comandos de Brocade Fabric OS "configupload" y "configdownload" anteriores a Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 imprimen las contraseñas de los servidores scp, sftp y ftp en supportsave. Esto podría permitir a un atacante remoto autenticado acced... • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31425 – Privilege escalation via the fosexec command
https://notcve.org/view.php?id=CVE-2023-31425
01 Aug 2023 — A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. Una vulnerabilidad en el comando fosexec de Brocade Fabric OS después de Brocade Fabric OS v9.1.0 y, antes de Brocade Fabric OS v9.1.1 podría permitir a un usuario local autenticado realizar una escalada de pr... • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31429 – Multiple commands print sensitive information in the terminal
https://notcve.org/view.php?id=CVE-2023-31429
01 Aug 2023 — Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. Brocade Fabric OS antes de Brocade Fabric OS v9.1.1c, v9.2.0 contiene una vulnerabilidad al utilizar varios comandos como "chassisdistribute", "reboot", ... • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 1CVE-2022-33186 – Brocade Fabric OS Remote Code Execution / Information Disclosure
https://notcve.org/view.php?id=CVE-2022-33186
08 Dec 2022 — A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. Una vulnerabilidad en el software Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j y versiones anteriores podría permitir que un atacante remoto no autenticado ejecute en un interruptor de Brocade Fabric OS... • https://packetstorm.news/files/id/190177 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33178
https://notcve.org/view.php?id=CVE-2022-33178
25 Oct 2022 — A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Una vulnerabilidad en el sistema de autenticación radius de Brocade Fabric OS versiones anteriores a Brocade Fabric OS 9.0, podría permitir a un atacante remoto ejecutar código arbitrario en el conmutador Brocade • https://security.netapp.com/advisory/ntap-20230127-0003 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33179
https://notcve.org/view.php?id=CVE-2022-33179
25 Oct 2022 — A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c y 7.4.2j, podría permitir a un usuario local autenticado salir de shells restringidos con "set context" y escalar privilegios • https://security.netapp.com/advisory/ntap-20230127-0004 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33180
https://notcve.org/view.php?id=CVE-2022-33180
25 Oct 2022 — A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, podría permitir a un atacante local autenticado exportar archivos confidenciales con "seccryptocfg", "configupload" • https://security.netapp.com/advisory/ntap-20230127-0005 •