Lucene search

BrocadeCVE-2023-31427

HistoryAug 01, 2023 - 11:15 p.m.

CVE-2023-31427

2023-08-0123:15:28

CWE-22

brocade

web.nvd.nist.gov

brocade

fabric os

cve-2023-31427

security

access control

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

9.9%

JSON

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

Affected configurations

Nvd

Node

broadcomfabric_operating_systemRange<9.1.1c

VendorProductVersionCPE
broadcomfabric_operating_system*cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	fabric_operating_system	*	cpe:2.3:o:broadcom:fabric_operating_system::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Fabric OS",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "after 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20230908-0007/

support.broadcom.com/external/content/SecurityAdvisories/0/22379

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

9.9%

JSON

Related for CVE-2023-31427