Fabric Operating System
Monthly
Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to elevating the privileges of the local authenticated user to “root” using the exp (CVSS 7.8).
Brocade Fabric OS contains a command injection vulnerability that allows authenticated local users with shell access to read sensitive files and command history due to insecure storage practices. An attacker with local privileges can exploit this to access confidential information stored on the system. No patch is currently available.
Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 7.2).
Fabric Operating System contains a vulnerability that allows attackers to an authenticated, remote attacker with administrative credentials to execute ar (CVSS 7.2).
Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 5.5).
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2
Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed.
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.
Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to elevating the privileges of the local authenticated user to “root” using the exp (CVSS 7.8).
Brocade Fabric OS contains a command injection vulnerability that allows authenticated local users with shell access to read sensitive files and command history due to insecure storage practices. An attacker with local privileges can exploit this to access confidential information stored on the system. No patch is currently available.
Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 7.2).
Fabric Operating System contains a vulnerability that allows attackers to an authenticated, remote attacker with administrative credentials to execute ar (CVSS 7.2).
Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 5.5).
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2
Brocade Fabric OS 9.1.0 through 9.1.1d6 contains a code injection vulnerability that allows local admin users to execute arbitrary code with root privileges despite root access being removed.
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.