CLI allows upload or transfer files of dangerous types

Vulnerability

The vulnerability resides in the command-line interface (CLI) of Brocade Fabric OS. A local user can exploit the grep command to dump files located under their own home directory. This affects all versions of Brocade Fabric OS before v9.1.1c and v9.2.0 [1]. No special configuration is required; the code path is reachable by any authenticated local user.

Exploitation

An attacker must have local access to the system with a valid user account. No additional privileges or user interaction beyond logging in are needed. The attacker can execute the grep command on files within their home directory to read their contents. The exact sequence of commands is not publicly detailed, but the vulnerability allows the attacker to dump file contents via grep.

Impact

Successful exploitation results in information disclosure of files residing in the attacker's home directory. The attacker gains read access to those files, potentially exposing sensitive data such as configuration files, credentials, or logs. The compromise is limited to the user's own files; no privilege escalation or broader system access is achieved.

Mitigation

Broadcom has released fixed versions: Brocade Fabric OS v9.1.1c and v9.2.0 [1]. Users should upgrade to these versions to remediate the vulnerability. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.