Broadcom: >> Fabric Operating System >> 7.4.2j Security Vulnerabilities
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
CVSS Score
7.2
EPSS Score
0.042
Published
2022-10-25
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-25
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-18
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-06-09
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-09-25
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
CVSS Score
6.1
EPSS Score
0.003
Published
2020-09-25
Page 3