Broadcom Fabric Operating System

10 matches found

CVE
added 2024/04/04 8:15 p.m., 4707 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

7.3 CVSS, 7.1 AI score, 0.03698 EPSS
CVE
added 2024/07/09 12:15 p.m., 4336 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

9 CVSS, 6.4 AI score, 0.0084 EPSS
CVE
added 2024/04/04 8:15 p.m., 3714 views

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

6.3 CVSS, 7 AI score, 0.01253 EPSS
CVE
added 2024/06/26 12:15 a.m., 100 views

CVE-2024-29954

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload...

5.9 CVSS, 5.5 AI score, 0.00034 EPSS
CVE
added 2024/06/26 12:15 a.m., 68 views

CVE-2024-29953

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.

4.3 CVSS, 4.5 AI score, 0.0017 EPSS
CVE
added 2024/06/26 12:15 a.m., 61 views

CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string...

8.1 CVSS, 8 AI score, 0.00114 EPSS
CVE
added 2024/04/04 5:15 p.m., 55 views

CVE-2023-3454

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

9.8 CVSS, 9.1 AI score, 0.02796 EPSS
CVE
added 2024/11/21 11:15 a.m., 55 views

CVE-2024-10403

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

7.5 CVSS, 6.9 AI score, 0.0009 EPSS
CVE
added 2024/04/05 3:15 a.m., 42 views

CVE-2023-5973

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.

4.3 CVSS, 4.5 AI score, 0.00195 EPSS
CVE
added 2024/11/12 7:15 p.m., 37 views

CVE-2024-7516

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a swi...

7.1 CVSS, 6.4 AI score, 0.00034 EPSS