CVE-2023-31426

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

CVE-2023-31427

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVE-2023-31429

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of s...

CVE-2023-4163

InBrocade Fabric OS before v9.2.0a, a local authenticated privileged usercan trigger a buffer overflow condition, leading to a kernel panic withlarge input to buffers in the portcfgfportbuffers command.

CVE-2023-31425

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabl...

CVE-2023-3489

Thefirmwaredownload command on Brocade Fabric OS v9.2.0 could log theFTP/SFTP/SCP server password in clear text in the SupportSave file whenperforming a downgrade from Fabric OS v9.2.0 to any earlier version ofFabric OS.