Lucene search

BrocadeCVE-2023-31432

HistoryAug 02, 2023 - 12:15 a.m.

CVE-2023-31432

2023-08-0200:15:17

CWE-269

brocade

web.nvd.nist.gov

cve-2023-31432

privilege escalation

brocade fabric os

security vulnerability

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

Affected configurations

Nvd

Node

broadcombrocade_fabric_operating_systemRange<9.1.1c

VendorProductVersionCPE
broadcombrocade_fabric_operating_system*cpe:2.3:o:broadcom:brocade_fabric_operating_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	brocade_fabric_operating_system	*	cpe:2.3:o:broadcom:brocade_fabric_operating_system::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Fabric OS",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "before Brocade Fabric OS v9.1.1c and v9.2.0"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20230908-0007/

support.broadcom.com/external/content/SecurityAdvisories/0/22385

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-31432