Broadcom Fabric Operating System

Brocade Fabric OS 9.1.0–9.1.1d6 Local Admin Arbitrary Code Exec
CVE-2025-1976 - April 24, 2025

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

Code Injection

Brocade Fabric OS SFTP/FTP Server Password Exposure in Core Dump
CVE-2024-10403 7.5 - High - November 21, 2024

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

Files or Directories Accessible to External Parties

Brocade Fabric OS <9.2.2 Remote SSH Key Forgery Enables MITM Session Hijacking
CVE-2024-7516 7.1 - High - November 12, 2024

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.

Missing Authentication for Critical Function

RADIUS MD5 Response Authenticator Forgery via Chosen-Prefix Collision
CVE-2024-3596 9 - Critical - July 09, 2024

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Brocade Fabric OS Password API Reveals Passwords in Logs ( v9.2.1)
CVE-2024-29954 5.5 - Medium - June 26, 2024

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.

Insertion of Sensitive Information into Log File

Brocade Fabric OS <=9.2.1: Session Password Disclosure
CVE-2024-29953 4.3 - Medium - June 26, 2024

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.

Insecure Storage of Sensitive Information

Auth Remote SNMP Read Hard-Coded Community String in Brocade Fabric OS <9.0.0
CVE-2024-5460 8.1 - High - June 26, 2024

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.

Use of Hard-coded Credentials

Brocade Fabric OS v9.x Web UI Display Alteration via Reserved Characters
CVE-2023-5973 4.3 - Medium - April 05, 2024

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.

Origin Validation Error

Apache HTTP Server Response Splitting via Faulty Input Validation < 2.4.58
CVE-2023-38709 7.3 - High - April 04, 2024

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Improper Validation of Specified Quantity in Input

Apache HTTP Server 2.4.59 Resolved HTTP Response Splitting in Modules
CVE-2024-24795 - April 04, 2024

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Brocade Fabric OS RCE v9.0-9.1.9 Switch
CVE-2023-3454 9.8 - Critical - April 04, 2024

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

Shell injection

Brocade Fabric OS <9.2.0a Buffer Overflow via portcfgfportbuffers
CVE-2023-4163 4.4 - Medium - August 31, 2023

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.

Classic Buffer Overflow

Brocade Fabric OS 9.2.0 firmwaredownload logs cleartext passwords
CVE-2023-3489 7.5 - High - August 31, 2023

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

Cleartext Storage of Sensitive Information

Brocade Fabric OS <9.1.1c & 9.2.0 Local Priv Esc via Full Path Command Exec
CVE-2023-31427 7.8 - High - August 01, 2023

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, root account access is disabled.

Directory traversal

Remote Auth Info Leak in Brocade Fabric OS 9.2.0 via configupload/configdownload
CVE-2023-31426 6.5 - Medium - August 01, 2023

The Brocade Fabric OS Commands configupload and configdownload before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

Insertion of Sensitive Information into Log File

Priv Escalation via fosexec in Brocade FoOS <9.1.1
CVE-2023-31425 7.8 - High - August 01, 2023

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, root account access is disabled.

Shell injection

Brocade Fabric OS <=9.1.1c & 9.2.0 Output Leak via shell var interpolation
CVE-2023-31429 5.5 - Medium - August 01, 2023

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as chassisdistribute, reboot, rasman, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.

Command Injection

Brocade Fabric OS Webtools Priv Esc (before v9.1.1, v9.0.1e, v8.2.3c)
CVE-2022-28169 8.8 - High - October 25, 2022

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.

Improper Privilege Management

Brocade Fabric OS CLI <= v9.1.0 Export Sensitive Files via seccryptocfg
CVE-2022-33180 5.5 - Medium - October 25, 2022

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with seccryptocfg, configupload.

Brocade Fabric OS CLI Local Auth Escalation Prior to v9.1.0
CVE-2022-33179 8.8 - High - October 25, 2022

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with set context and escalate privileges.

Brocade Fabric OS Web App debug expose passwords (pre v9.1.0)
CVE-2022-28170 6.5 - Medium - October 25, 2022

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

Insecure Storage of Sensitive Information

Brocade Fabric OS <9.0.1e & <9.1.0 stack overflow (CVE-2022-33185)
CVE-2022-33185 7.8 - High - October 25, 2022

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.

Memory Corruption

Local Auth Root Exploit: Stack Buffer Overflow in Brocade Fabric OS <9.1.1
CVE-2022-33184 7.8 - High - October 25, 2022

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.

Memory Corruption

Brocade Fabric OS CLI Buffer Overflow <v9.1.0
CVE-2022-33183 8.8 - High - October 25, 2022

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in firmwaredownload and diagshow commands.

Memory Corruption

Privilege Escalation in Brocade Fabric OS CLI (<v9.1.0) via switch commands
CVE-2022-33182 7.8 - High - October 25, 2022

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands supportlink, firmwaredownload, portcfgupload, license, and fosexec.

Brocade Fabric OS CLI Local Info Disclosure via configshow & supportlink pre-9.1.0
CVE-2022-33181 5.5 - Medium - October 25, 2022

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands configshow and supportlink.

Remote RCE via RADIUS in Brocade Fabric OS <9.0
CVE-2022-33178 7.2 - High - October 25, 2022

A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

Improper Input Validation

Brocade Fabric OS 7.3.x/7.4.1b Directory Traversal (privileged)
CVE-2021-27798 5.5 - Medium - August 05, 2022

A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report.

Directory traversal

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could
CVE-2020-15388 6.5 - Medium - March 18, 2022

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements
CVE-2021-27789 6.5 - Medium - March 18, 2022

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could
CVE-2021-27796 6.5 - Medium - February 21, 2022

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the user or factory account, to read the contents of any file on the filesystem utilizing one of a few available binaries.

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could
CVE-2021-27797 9.8 - Critical - February 21, 2022

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

Use of Hard-coded Credentials

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a
CVE-2021-27790 7.8 - High - August 12, 2021

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

Memory Corruption

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header
CVE-2021-27791 5.4 - Medium - August 12, 2021

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

Out-of-bounds Read

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a
CVE-2021-27792 7.8 - High - August 12, 2021

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0
CVE-2021-27793 5.3 - Medium - August 12, 2021

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

AuthZ

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could
CVE-2021-27794 7.8 - High - August 12, 2021

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

authentification

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits
CVE-2020-15387 7.4 - High - June 09, 2021

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

Inadequate Encryption Strength

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning
CVE-2020-15386 5.3 - Medium - June 09, 2021

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0
CVE-2020-15383 7.5 - High - June 09, 2021

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

curl 7.63.0 to and including 7.75.0 includes vulnerability
CVE-2021-22890 3.7 - Low - April 01, 2021

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

Authentication Bypass by Spoofing

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header
CVE-2021-22876 5.3 - Medium - April 01, 2021

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

Information Disclosure

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32
CVE-2019-25013 5.9 - Medium - January 04, 2021

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Out-of-bounds Read

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation
CVE-2020-15376 4.3 - Medium - December 11, 2020

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

Brocade Fabric OS versions before v9.0.0
CVE-2020-15375 6.7 - Medium - December 11, 2020

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.

Improper Input Validation

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13
CVE-2020-29660 4.4 - Medium - December 09, 2020

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

Dangling pointer

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13
CVE-2020-29661 7.8 - High - December 09, 2020

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

Dangling pointer

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could
CVE-2018-6448 - September 25, 2020

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d
CVE-2020-15374 9.8 - Critical - September 25, 2020

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could
CVE-2020-15373 9.8 - Critical - September 25, 2020

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

Buffer Overflow