Vulnerability Details CVE-2016-8204
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.713
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.securityfocus.com/bid/95695
- http://www.zerodayinitiative.com/advisories/ZDI-17-049
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-177
- http://www.securityfocus.com/bid/95695
- http://www.zerodayinitiative.com/advisories/ZDI-17-049
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-177
Products affected by CVE-2016-8204
-
cpe:2.3:a:broadcom:brocade_network_advisor:12.4.0
-
cpe:2.3:a:broadcom:brocade_network_advisor:12.4.1
-
cpe:2.3:a:broadcom:brocade_network_advisor:12.4.2
-
cpe:2.3:a:broadcom:brocade_network_advisor:12.4.3
-
cpe:2.3:a:broadcom:brocade_network_advisor:12.4.4
-
cpe:2.3:a:broadcom:brocade_network_advisor:14.0.0
-
cpe:2.3:a:broadcom:brocade_network_advisor:14.0.1
-
cpe:2.3:a:broadcom:brocade_network_advisor:14.0.2