Broadcom Security Response BSNSA22510
Published: Aug 29, 2023

CVE-2023-3489 - firmwaredownload command could log servers passwords in clear text

Broadcom Security Response
support.broadcom.com
Tags: brocade, firmware, security, passwords, ftp, sftp, scp, supportsave, downgrade

EPSS: 0.001 (Low), percentile 37.2%

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

CVE Details
The firmwaredownload command downloads Brocade Fabric OS firmware to a Brocade switch over FTP, SFTP, SCP or HTTPS, or from a USB device holding the downloaded firmware. The command supports both non-interactive and interactive modes.

In Brocade Fabric OS v9.2.0, the command exposes the server password in clear text in the SupportSave file when that file is collected. The issue is fixed in Brocade Fabric OS v9.2.0a; a migration to or from Brocade Fabric OS v9.2.0a or later will therefore not log passwords or other sensitive data when the command is executed non-interactively through the CLI, the REST API or the web interface.
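
As a practical check for this advisory, the script below (an added example, not Broadcom's code or part of the original advisory) scans the text files of an extracted SupportSave bundle for firmwaredownload invocations that carry the server password, and reports each hit with the password redacted. It assumes the non-interactive argument form host,user,path,password following -p <ftp|sftp|scp>, which the advisory does not spell out, and the sample log lines it runs on are constructed.

```python
"""Scan extracted SupportSave text files for firmwaredownload invocations that
carry a server password on the command line (CVE-2023-3489 exposure check)."""
import os
import re
from typing import Iterable, List

# ASSUMPTION (not stated in the advisory): the non-interactive form passes the
# server credentials as one comma-separated argument after the protocol flag,
#   firmwaredownload [-s] -p <ftp|sftp|scp> <host>,<user>,<path>,<password>
# A SupportSave bundle that recorded that command line has logged the password.
FWDL_RE = re.compile(
    r"(?P<cmd>\bfirmwaredownload\b.*?-p\s+(?P<proto>ftp|sftp|scp)\s+)"
    r"(?P<host>[^,\s]+),(?P<user>[^,\s]+),(?P<path>[^,\s]+),(?P<password>\S+)",
    re.IGNORECASE,
)

REDACTED = "<REDACTED>"


def redact_line(line: str) -> str:
    """Return the line with the password field replaced; unchanged if none."""
    template = r"\g<cmd>\g<host>,\g<user>,\g<path>," + REDACTED
    return FWDL_RE.sub(lambda m: m.expand(template), line)


def scan_lines(lines: Iterable[str], source: str = "<memory>") -> List[dict]:
    """Report every line that logs a firmwaredownload server password.

    Lines that use the interactive form (no fourth field, password prompted
    for) are not reported, since nothing secret is on the command line.
    """
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = FWDL_RE.search(line)
        if m is None:
            continue
        findings.append({
            "source": source,
            "line_no": line_no,
            "protocol": m.group("proto").lower(),
            "host": m.group("host"),
            "user": m.group("user"),
            "redacted": redact_line(line.rstrip("\n")),
        })
    return findings


def scan_supportsave_dir(root: str) -> List[dict]:
    """Walk an extracted SupportSave tree and scan every readable file as text."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_lines(fh, source=path))
            except OSError:
                continue  # unreadable entry; keep scanning the rest
    return findings


# Constructed sample of a command history as it might appear inside a bundle;
# the real file names and layout of a SupportSave are not taken from the advisory.
SAMPLE_LOG = (
    "2023-08-29 10:15:02 admin> firmwaredownload -s -p scp 10.0.0.5,fwuser,/images/v9.1.1c,S3cretPass!\n"
    "2023-08-29 10:15:03 admin> firmwaredownload -p sftp 10.0.0.6,fwuser,/images/v9.1.1c\n"
    "2023-08-29 10:16:11 admin> firmwareshow\n"
    "2023-08-29 10:17:40 admin> firmwaredownload -p ftp fw.example.net,anonymous,/pub/fos,anonymous@\n"
)

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG.splitlines()):
        print(f"{f['source']}:{f['line_no']} {f['protocol']} "
              f"{f['user']}@{f['host']}: {f['redacted']}")
```

Point scan_supportsave_dir() at the extracted bundle before a SupportSave collected around a v9.2.0 downgrade is attached to a support case or stored in a ticketing system. A finding means the FTP/SFTP/SCP account's password should be treated as exposed and rotated; redacting the copy you hold does not recall copies already sent.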

Affected configurations

Vulners node:
  Vendor    Product                          Operator  Version
  broadcom  brocade_fabric_operating_system  Match     9.2.0

CPE:
  Name               Operator  Version
  brocade fabric os  eq        9.2.0
