Lucene search

BrocadeCVELIST:CVE-2023-31428

HistoryAug 01, 2023 - 11:41 p.m.

CVE-2023-31428 CLI allows upload or transfer files of dangerous types

2023-08-0123:41:41

CWE-434

brocade

www.cve.org

cve-2023-31428

brocade fabric os

file upload

command line

user dumping

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user’s home directory using grep.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Fabric OS",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "before Brocade Fabric OS v9.1.1c, v9.2.0"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20230908-0007/

support.broadcom.com/external/content/SecurityAdvisories/0/22380

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-31428