CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4661 – Path transversal vulnerability potentially leading to sensitive information disclosure
https://notcve.org/view.php?id=CVE-2025-4661
19 Jun 2025 — A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35814 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 2%CPEs: 1EXPL: 0CVE-2025-1976 – Broadcom Brocade Fabric OS Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-1976
24 Apr 2025 — Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1509 – Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
https://notcve.org/view.php?id=CVE-2024-1509
28 Feb 2025 — Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428 • CWE-523: Unprotected Transport of Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5461 – Command or parameter injection via unique embedded switch SNMP commands.
https://notcve.org/view.php?id=CVE-2024-5461
15 Feb 2025 — Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root. Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities incl... • https://packetstorm.news/files/id/190177 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5462 – Brocade Fabric OS may capture SNMP Passwords in clear text
https://notcve.org/view.php?id=CVE-2024-5462
14 Feb 2025 — If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24610 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4282 – Weak TLS Ciphers on Brocade SANnav OVA SSH port 22
https://notcve.org/view.php?id=CVE-2024-4282
14 Feb 2025 — Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. • https://support.broadcom.com/external/content/SecurityAdvisories/0/25400 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10405 – Weak TLS Ciphers on Brocade SANnav port 443 & 18082
https://notcve.org/view.php?id=CVE-2024-10405
14 Feb 2025 — Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25402 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2240 – Docker implementation in Brocade SANnav is missing Audit Rules.
https://notcve.org/view.php?id=CVE-2024-2240
14 Feb 2025 — Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25401 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1053 – Brocade SANnav encryption key is logged in the debug logs
https://notcve.org/view.php?id=CVE-2025-1053
14 Feb 2025 — Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25399 • CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10404 – Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave
https://notcve.org/view.php?id=CVE-2024-10404
14 Feb 2025 — CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an i... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403 • CWE-312: Cleartext Storage of Sensitive Information •