Brocade

All CVEs

148 total · sorted by risk
  • CVE-2022-28169 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.01

    Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this…

  • CVE-2022-33184 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.

  • CVE-2022-33178 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

  • CVE-2022-33185 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.00

    Several commands in Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as…

  • CVE-2022-33181 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.00

    An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.

  • CVE-2022-33182 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.00

    A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload,…

  • CVE-2021-27798 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory traversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS users should upgrade to supported versions as described…

  • CVE-2022-28167 · Jun 27, 2022
    risk 0.00 · cvss · epss 0.01

    Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log.

  • CVE-2022-28161 · May 9, 2022
    risk 0.00 · cvss · epss 0.00

    An information exposure through log file vulnerability in Brocade SANnav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as SSH passwords in filetansfer.log in debug mode. To exploit this vulnerability, the…

  • CVE-2022-28165 · May 6, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the role-based access control (RBAC) functionality of Brocade SANnav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The…

  • CVE-2020-15388 · Mar 18, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.

  • CVE-2021-27789 · Mar 18, 2022
    risk 0.00 · cvss · epss 0.01

    The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture…

  • CVE-2021-27797 · Feb 21, 2022
    risk 0.00 · cvss · epss 0.01

    Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

  • CVE-2021-27796 · Feb 21, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem…

  • CVE-2021-27794 · Aug 12, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, and with an invalid password, through telnet, SSH and REST.

  • CVE-2020-15384 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.01

    Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.

  • CVE-2020-15387 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.00

    The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

  • CVE-2020-15378 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.01

    The OVA version of Brocade SANnav before version 2.1.1, when installed with IPv6 networking, exposes the Docker container ports to the network, increasing the potential attack surface.

  • CVE-2020-15377 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.01

    Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).

  • CVE-2020-15383 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.01

    Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

  • CVE-2020-15382 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.01

    Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.

  • CVE-2020-15375 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.00

    Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary…

  • CVE-2020-15376 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated…

  • CVE-2020-15374 · Sep 25, 2020
    risk 0.00 · cvss · epss 0.01

    REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

  • CVE-2018-6448 · Sep 25, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the management interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

  • CVE-2018-6449 · Sep 25, 2020
    risk 0.00 · cvss · epss 0.01

    Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers.

  • CVE-2019-16212 · Sep 25, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.

  • CVE-2018-6446 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications.

  • CVE-2019-16204 · Feb 5, 2020
    risk 0.00 · cvss · epss 0.01

    Brocade Fabric OS versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

  • CVE-2019-16203 · Feb 5, 2020
    risk 0.00 · cvss · epss 0.01

    Brocade Fabric OS versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

  • CVE-2019-16209 · Nov 8, 2019
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.

  • CVE-2019-16206 · Nov 8, 2019
    risk 0.00 · cvss · epss 0.00

    The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the ‘trace’ and the ‘debug’ logging levels, which could allow a local authenticated attacker to access sensitive information.

  • CVE-2019-16205 · Nov 8, 2019
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Brocade SANnav versions before v2.0 could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

  • CVE-2018-6445 · Jan 22, 2019
    risk 0.00 · cvss · epss 0.02

    A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor…

  • CVE-2018-6444 · Jan 22, 2019
    risk 0.00 · cvss · epss 0.03

    A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerability could also be exploited to execute arbitrary OS commands.

  • CVE-2018-6440 · Dec 3, 2018
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.

  • CVE-2018-6438 · Nov 8, 2018
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2018-6437 · Nov 8, 2018
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2018-6433 · Nov 8, 2018
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.

  • CVE-2018-6435 · Nov 8, 2018
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.

  • CVE-2018-6442 · Nov 8, 2018
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.

  • CVE-2014-4870 · Oct 7, 2014
    risk 0.00 · cvss · epss 0.00

    /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.

  • CVE-2014-4869 · Oct 7, 2014
    risk 0.00 · cvss · epss 0.01

    The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.

  • CVE-2014-4868 · Oct 7, 2014
    risk 0.00 · cvss · epss 0.03

    The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command.

  • CVE-2013-7307 · Jan 23, 2014
    risk 0.00 · cvss · epss 0.01

    The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause…

  • CVE-2013-7306 · Jan 23, 2014
    risk 0.00 · cvss · epss 0.01

    The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing…

  • CVE-2011-2760 · Jul 17, 2011
    risk 0.00 · cvss · epss 0.02

    Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.

  • CVE-2004-1663 · Sep 4, 2004
    risk 0.00 · cvss · epss 0.04

    Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.

Page 3 of 3