Lucene search

[email protected]CVE-2023-5973

HistoryApr 05, 2024 - 3:15 a.m.

CVE-2023-5973

2024-04-0503:15:07

CWE-346

[email protected]

web.nvd.nist.gov

brocade fabric os

ui alteration

portname manipulation

cve-2023-5973

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Brocade
Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not
properly represent the portName to the user if the portName contains
reserved characters. This could allow an authenticated user to alter the
UI of the Brocade Switch and change ports display.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Fabric OS",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "Versions v9.x and before v9.2.0"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20240628-0005/

support.broadcom.com/external/content/SecurityAdvisories/0/23214

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-5973

cvelist1 broadcom1 vulnrichment1 nvd1