BrocadeCVELIST:CVE-2023-3489CVE-2023-3489 firmwaredownload command could log servers passwords in clear text
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.2%
The
firmwaredownload command on Brocade Fabric OS v9.2.0 could log the
FTP/SFTP/SCP server password in clear text in the SupportSave file when
performing a downgrade from Fabric OS v9.2.0 to any earlier version of
Fabric OS.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Director",
"Switches",
"Extension Switches"
],
"product": "Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS v9.2.0"
}
]
}
]Related
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.2%