CVE-2018-6443
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
Una vulnerabilidad en Brocade Network Advisor Versions, en versiones anteriores a la 14.3.1, puede permitir a un usuario no autenticado iniciar sesión en la interfaz de JBoss Administration de un sistema afectado, utilizando las credenciales de un usuario no documentado e instalar aplicaciones JEE adicionales. Un usuario remoto no autenticado con acceso a librerías "Network Advisor" del cliente y capacitado para descifrar las credenciales de Jboss podría obtener acceso a la consola web de Jboss.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-31 CVE Reserved
- 2019-01-22 CVE Published
- 2019-05-21 First Exploit
- 2024-06-14 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html | X_refsource_misc |
|
| https://security.netapp.com/advisory/ntap-20190411-0005 | Third Party Advisory |
|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46887 | 2019-05-21 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Brocade Search vendor "Brocade" | Network Advisor Search vendor "Brocade" for product "Network Advisor" | < 14.3.1 Search vendor "Brocade" for product "Network Advisor" and version " < 14.3.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Brocade Network Advisor Search vendor "Netapp" for product "Brocade Network Advisor" | - | - |
Affected
| ||||||