Note:
This project will be discontinued after December 13, 2021.
Product: Fabric_operating_system (Broadcom)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 79 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-04-24 | CVE-2025-1976 | Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | Fabric_operating_system | 6.7 | ||
2024-07-09 | CVE-2024-3596 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature. | Brocade_sannav, Fabric_operating_system, Freeradius, Sonicos | 9.0 | ||
2022-08-05 | CVE-2021-27798 | A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS users should upgrade to supported versions as described in the Product End-of-Life published report. | Fabric_operating_system | 5.5 | ||
2023-08-01 | CVE-2023-31425 | A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | Fabric_operating_system | 7.8 | ||
2023-08-01 | CVE-2023-31427 | Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | Fabric_operating_system | 7.8 | ||
2023-08-31 | CVE-2023-3489 | The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | Fabric_operating_system | 7.5 | ||
2023-08-31 | CVE-2023-4163 | In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | Fabric_operating_system | 4.4 | ||
2024-04-04 | CVE-2023-3454 | Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. | Fabric_operating_system | 9.8 | ||
2024-04-05 | CVE-2023-5973 | Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. | Fabric_operating_system | 4.3 | ||
2024-06-26 | CVE-2024-29953 | A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords. | Fabric_operating_system | 4.3 |