VYPR

Fabric OS

by Brocade

CVEs (85)

  • CVE-2023-31425 | High | Aug 1, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root”…

  • CVE-2022-33185 | High | Oct 25, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as…

  • CVE-2022-33184 | High | Oct 25, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.

  • CVE-2022-33182 | High | Oct 25, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload,…

  • CVE-2021-27794 | High | Aug 12, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with empty password, and invalid password through telnet, ssh and REST.

  • CVE-2021-27792 | High | Aug 12, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP…

  • CVE-2021-27790 | High | Aug 12, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution…

  • CVE-2018-6439 | High | Dec 3, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2018-6438 | High | Nov 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2018-6437 | High | Nov 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2018-6436 | High | Nov 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2018-6441 | High | Nov 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.

  • CVE-2018-6435 | High | Nov 8, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2024-5462 | High | Feb 15, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if…

  • CVE-2024-10403 | High | Nov 21, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via…

  • CVE-2020-15383 | High | Jun 9, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

  • CVE-2018-6448 | High | Sep 25, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

  • CVE-2019-16204 | High | Feb 5, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

  • CVE-2019-16203 | High | Feb 5, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

  • CVE-2018-6434 | High | Nov 8, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
