CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7517

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.2%

CVSS Severity

CVSS v3 Score 7.8

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25071

Products affected by CVE-2024-7517

Brocade » Fabric Operating System » Version: Any

cpe:2.3:o:brocade:fabric_operating_system:*
Brocade » Fabric Operating System » Version: N/A

cpe:2.3:o:brocade:fabric_operating_system:-
Brocade » Fabric Operating System » Version: 7.4.2j

cpe:2.3:o:brocade:fabric_operating_system:7.4.2j
Brocade » Fabric Operating System » Version: 8.2.2

cpe:2.3:o:brocade:fabric_operating_system:8.2.2
Brocade » Fabric Operating System » Version: 8.2.3c

cpe:2.3:o:brocade:fabric_operating_system:8.2.3c
Brocade » Fabric Operating System » Version: 9.0.1e

cpe:2.3:o:brocade:fabric_operating_system:9.0.1e
Brocade » Fabric Operating System » Version: 9.1.1

cpe:2.3:o:brocade:fabric_operating_system:9.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7517

Products

Pricing

Contact Us