Priv Escalation via fosexec in Brocade FoOS <9.1.1
CVE-2023-31425 Published on August 1, 2023
Privilege escalation via the fosexec command
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, root account access is disabled.
Vulnerability Analysis
CVE-2023-31425 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2023-31425
stack.watch emails you whenever new vulnerabilities are published in Broadcom Fabric Operating System or Brocade Fabric Os. Just hit a watch button to start following.
Affected Versions
Brocade Fabric OS Version after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 is affected by CVE-2023-31425Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.