VYPR

Fabric OS

by Brocade

CVEs (85)

  • CVE-2022-33186 | Critical | Dec 8, 2022
    risk 0.64 | cvss 9.8 | epss 0.02

    A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying…

  • CVE-2021-27797 | Critical | Feb 21, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

  • CVE-2020-15374 | Critical | Sep 25, 2020
    risk 0.64 | cvss 9.8 | epss 0.01

    The REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

  • CVE-2020-15373 | Critical | Sep 25, 2020
    risk 0.64 | cvss 9.8 | epss 0.02

    Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

  • CVE-2020-15371 | Critical | Sep 25, 2020
    risk 0.64 | cvss 9.8 | epss 0.01

    Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability.

  • CVE-2018-6440 | Critical | Dec 3, 2018
    risk 0.59 | cvss 9.1 | epss 0.02

    A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.

  • CVE-2022-33183 | High | Oct 25, 2022
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to cause a stack buffer overflow using the “firmwaredownload” and “diagshow” commands.

  • CVE-2022-33179 | High | Oct 25, 2022
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.

  • CVE-2022-28169 | High | Oct 25, 2022
    risk 0.57 | cvss 8.8 | epss 0.01

    Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this…

  • CVE-2020-15369 | High | Sep 25, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    Supportlink CLI in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to…

  • CVE-2018-6442 | High | Nov 8, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.

  • CVE-2016-8202 | High | May 8, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface.…

  • CVE-2025-1976 | Medium | KEV | Apr 24, 2025
    risk 0.56 | cvss 6.7 | epss 0.01

    Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

  • CVE-2023-3454 | High | Apr 4, 2024
    risk 0.56 | cvss 8.6 | epss 0.01

    Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

  • CVE-2023-3489 | High | Aug 31, 2023
    risk 0.56 | cvss 8.6 | epss 0.00

    The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

  • CVE-2024-5460 | High | Jun 26, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to…

  • CVE-2024-5461 | High | Feb 15, 2025
    risk 0.52 | cvss 8.0 | epss 0.00

    The implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP…

  • CVE-2024-7517 | High | Nov 21, 2024
    risk 0.51 | cvss 7.8 | epss 0.01

    A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privilege escalation via crafted use of the portcfg command. This specific exploitation is only…

  • CVE-2023-31432 | High | Aug 2, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

  • CVE-2023-31427 | High | Aug 1, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account…
