All the vulnerabilites related to Brocade - Brocade Fabric OS
cve-2023-31426
Vulnerability from cvelistv5
Published
2023-08-01 21:18
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
scp, sftp, ftp servers passwords in supportsave
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Brocade | Brocade Fabric OS |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T14:15:50.047091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:01:31.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:31.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brocade Fabric OS ",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cp\u003eThe Brocade Fabric OS Commands \u201cconfigupload\u201d and \u201cconfigdownload\u201d before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.\u003c/p\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nThe Brocade Fabric OS Commands \u201cconfigupload\u201d and \u201cconfigdownload\u201d before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T21:16:11.404Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "scp, sftp, ftp servers passwords in supportsave",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-31426",
"datePublished": "2023-08-01T21:18:55.037Z",
"dateReserved": "2023-04-28T00:14:58.124Z",
"dateUpdated": "2024-08-02T14:53:31.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16203
Vulnerability from cvelistv5
Published
2020-02-05 15:16
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200511-0008/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Brocade | Brocade Fabric OS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T16:06:27",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d"
}
]
}
}
]
},
"vendor_name": "Brocade"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200511-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16203",
"datePublished": "2020-02-05T15:16:01",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-31430
Vulnerability from cvelistv5
Published
2023-08-01 23:31
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
buffer overflow vulnerability in “secpolicydelete” command
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Brocade | Brocade Fabric OS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:31.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22381"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brocade Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": " before Brocade Fabric OS v9.1.1c and v9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in \u201csecpolicydelete\u201d command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.\u003cbr\u003e\n\n"
}
],
"value": "A buffer overflow vulnerability in \u201csecpolicydelete\u201d command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-25",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-25 Forced Deadlock"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T23:31:00.376Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22381"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "buffer overflow vulnerability in \u201csecpolicydelete\u201d command",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-31430",
"datePublished": "2023-08-01T23:31:00.376Z",
"dateReserved": "2023-04-28T00:14:58.125Z",
"dateUpdated": "2024-08-02T14:53:31.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4163
Vulnerability from cvelistv5
Published
2023-08-31 00:04
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Brocade | Brocade Fabric OS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Directors",
"Embedded Switches",
"Switches"
],
"product": "Brocade Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Fabric OS before v9.2.0a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nIn\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"
}
],
"value": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T00:04:39.287Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-4163",
"datePublished": "2023-08-31T00:04:39.287Z",
"dateReserved": "2023-08-04T18:24:36.610Z",
"dateUpdated": "2024-08-02T07:17:12.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16204
Vulnerability from cvelistv5
Published
2020-02-05 15:16
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200511-0007/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Brocade | Brocade Fabric OS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS Versions before v7.4.2f"
},
{
"status": "affected",
"version": "v8.2.2a"
},
{
"status": "affected",
"version": "v8.1.2j and v8.2.1d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T16:06:26",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS Versions before v7.4.2f"
},
{
"version_value": "v8.2.2a"
},
{
"version_value": "v8.1.2j and v8.2.1d"
}
]
}
}
]
},
"vendor_name": "Brocade"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200511-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16204",
"datePublished": "2020-02-05T15:16:23",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}