VYPR

Fabric OS

by Brocade

CVEs (85)

  • CVE-2020-15387 | High | Jun 9, 2021
    risk 0.48 | cvss 7.4 | epss 0.00

    The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

  • CVE-2022-33178 | High | Oct 25, 2022
    risk 0.47 | cvss 7.2 | epss 0.01

    A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

  • CVE-2024-7516 | High | Nov 12, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote…

  • CVE-2023-31926 | High | Aug 2, 2023
    risk 0.46 | cvss 7.1 | epss 0.00

    System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.

  • CVE-2023-31426 | Medium | Aug 1, 2023
    risk 0.44 | cvss 6.8 | epss 0.01

    The Brocade Fabric OS commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, and ftp server passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

  • CVE-2020-15375 | Medium | Dec 11, 2020
    risk 0.44 | cvss 6.7 | epss 0.00

    Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary…

  • CVE-2021-27795 | Medium | Dec 6, 2023
    risk 0.42 | cvss 6.4 | epss 0.00

    Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software that supports the license string format contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a…

  • CVE-2022-28170 | Medium | Oct 25, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

  • CVE-2021-27789 | Medium | Mar 18, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture…

  • CVE-2020-15388 | Medium | Mar 18, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.

  • CVE-2021-27796 | Medium | Feb 21, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem…

  • CVE-2020-15370 | Medium | Sep 25, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

  • CVE-2017-6227 | Medium | Feb 8, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router…

  • CVE-2023-31928 | Medium | Aug 2, 2023
    risk 0.41 | cvss 6.3 | epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session…

  • CVE-2018-6449 | Medium | Sep 25, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers.

  • CVE-2017-6225 | Medium | Feb 8, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based…

  • CVE-2024-29954 | Medium | Jun 26, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail.…

  • CVE-2023-31431 | Medium | Aug 2, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.

  • CVE-2023-31430 | Medium | Aug 2, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.

  • CVE-2023-31428 | Medium | Aug 2, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under the user's home directory using grep.