CVE-2016-8202 (GCVE-0-2016-8202)
Vulnerability from cvelistv5
Published
2017-05-08 18:00
Modified
2024-08-06 02:13
Severity ?
Summary
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
References
sirt@brocade.comhttp://www.securityfocus.com/bid/98332Third Party Advisory, VDB Entry
sirt@brocade.comhttp://www.securitytracker.com/id/1038401
sirt@brocade.comhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_usThird Party Advisory
sirt@brocade.comhttps://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98332Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038401
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208
Impacted products
Vendor Product Version
Brocade Communications Systems, Inc. Fibre Channel SAN products running Brocade Fabric OS (FOS). Version: Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:13:21.819Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1038401",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038401",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us",
               },
               {
                  name: "98332",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/98332",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Fibre Channel SAN products running Brocade Fabric OS (FOS).",
               vendor: "Brocade Communications Systems, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b",
                  },
               ],
            },
         ],
         datePublic: "2017-05-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Privilege escalation.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-15T18:57:01",
            orgId: "87b297d7-335e-4844-9551-11b97995a791",
            shortName: "brocade",
         },
         references: [
            {
               name: "1038401",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038401",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us",
            },
            {
               name: "98332",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/98332",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "sirt@brocade.com",
               ID: "CVE-2016-8202",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Fibre Channel SAN products running Brocade Fabric OS (FOS).",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Brocade Communications Systems, Inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Privilege escalation.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1038401",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038401",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us",
                  },
                  {
                     name: "98332",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/98332",
                  },
                  {
                     name: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208",
                     refsource: "CONFIRM",
                     url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791",
      assignerShortName: "brocade",
      cveId: "CVE-2016-8202",
      datePublished: "2017-05-08T18:00:00",
      dateReserved: "2016-09-13T00:00:00",
      dateUpdated: "2024-08-06T02:13:21.819Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.4.1c\", \"matchCriteriaId\": \"1F1B2095-2EAB-40F5-ABC1-3B592413A09F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA532CBE-FCAF-4AE7-9A39-808864223E41\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de escalamiento de privilegios en los productos de Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) versiones anteriores a 7.4.1d y 8.0.1b, podr\\u00eda permitir a un atacante autenticado elevar los privilegios de las cuentas de usuario que acceden al sistema por medio de la interfaz de l\\u00ednea de comandos. En versiones afectadas, los usuarios no root pueden conseguir acceso root con una combinaci\\u00f3n de comandos y par\\u00e1metros de shell.\"}]",
         id: "CVE-2016-8202",
         lastModified: "2024-11-21T02:58:58.970",
         metrics: "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2017-05-08T18:29:00.217",
         references: "[{\"url\": \"http://www.securityfocus.com/bid/98332\", \"source\": \"sirt@brocade.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038401\", \"source\": \"sirt@brocade.com\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us\", \"source\": \"sirt@brocade.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208\", \"source\": \"sirt@brocade.com\"}, {\"url\": \"http://www.securityfocus.com/bid/98332\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038401\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "sirt@brocade.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2016-8202\",\"sourceIdentifier\":\"sirt@brocade.com\",\"published\":\"2017-05-08T18:29:00.217\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de escalamiento de privilegios en los productos de Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) versiones anteriores a 7.4.1d y 8.0.1b, podría permitir a un atacante autenticado elevar los privilegios de las cuentas de usuario que acceden al sistema por medio de la interfaz de línea de comandos. En versiones afectadas, los usuarios no root pueden conseguir acceso root con una combinación de comandos y parámetros de shell.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.4.1c\",\"matchCriteriaId\":\"1F1B2095-2EAB-40F5-ABC1-3B592413A09F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA532CBE-FCAF-4AE7-9A39-808864223E41\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98332\",\"source\":\"sirt@brocade.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038401\",\"source\":\"sirt@brocade.com\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us\",\"source\":\"sirt@brocade.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208\",\"source\":\"sirt@brocade.com\"},{\"url\":\"http://www.securityfocus.com/bid/98332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.