Broadcom Security Vulnerabilities

CVE-2023-27783

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.

CVE-2023-27784

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.

CVE-2023-27785

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.

CVE-2023-27786

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.

CVE-2023-27787

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.

CVE-2023-27788

An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.

CVE-2023-27789

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.

CVE-2023-31096

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process ...

CVE-2023-31423

Possibleinformation exposure through log file vulnerability where sensitivefields are recorded in the configuration log without masking on BrocadeSANnav before v2.3.0 and 2.2.2a. Notes:To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave"output...

CVE-2023-31424

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2aallows remote unauthenticated users to bypass web authentication andauthorization.

CVE-2023-31425

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabl...

CVE-2023-31426

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

CVE-2023-31427

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVE-2023-31428

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.

CVE-2023-31429

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of...

CVE-2023-31430

A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.

CVE-2023-31431

A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.

CVE-2023-31432

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

CVE-2023-31925

BrocadeSANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwordsin plaintext. A privileged user could retrieve these credentials withknowledge and access to these log files. SNMPcredentials could be seen in SANnav SupportSave if the capture isperformed after an SNMP configuration fail...

CVE-2023-31926

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.

CVE-2023-31927

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.

CVE-2023-31928

A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools ...

CVE-2023-3489

Thefirmwaredownload command on Brocade Fabric OS v9.2.0 could log theFTP/SFTP/SCP server password in clear text in the SupportSave file whenperforming a downgrade from Fabric OS v9.2.0 to any earlier version ofFabric OS.

CVE-2023-37790

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

CVE-2023-4163

InBrocade Fabric OS before v9.2.0a, a local authenticated privileged usercan trigger a buffer overflow condition, leading to a kernel panic withlarge input to buffers in the portcfgfportbuffers command.

CVE-2023-4256

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a ...

CVE-2023-4323

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers

CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities

CVE-2023-4326

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites

CVE-2023-4327

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

CVE-2023-4331

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

CVE-2023-4333

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

CVE-2023-4334

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication

CVE-2023-4335

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux

CVE-2023-4336

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute

CVE-2023-4337

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers

CVE-2023-4339

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions

CVE-2023-4340

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file

CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI

CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy

CVE-2023-4343

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter

CVE-2023-4344

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection

CVE-2023-4345

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user

CVE-2024-23613

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

CVE-2024-23614

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.