// For flags

CVE-2023-31425

Privilege escalation via the fosexec command

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.

Una vulnerabilidad en el comando fosexec de Brocade Fabric OS después de Brocade Fabric OS v9.1.0 y, antes de Brocade Fabric OS v9.1.1 podría permitir a un usuario local autenticado realizar una escalada de privilegios a root rompiendo el shell rbash. A partir de Fabric OS v9.1.0, el acceso a la cuenta "root" está deshabilitado.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-04-28 CVE Reserved
  • 2023-08-01 CVE Published
  • 2023-08-02 EPSS Updated
  • 2024-10-18 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
  • CAPEC-233: Privilege Escalation
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Broadcom
Search vendor "Broadcom"
 Fabric Operating System
Search vendor "Broadcom" for product "Fabric Operating System"
 9.1.0
Search vendor "Broadcom" for product "Fabric Operating System" and version "9.1.0"
-
Affected