Lucene search

BrocadeVULNRICHMENT:CVE-2023-5973

HistoryApr 05, 2024 - 2:33 a.m.

CVE-2023-5973 Truncated port name

2024-04-0502:33:46

CWE-346

brocade

github.com

cve-2023-5973

brocade

fabric os v9.x

web interface

portname

truncated

user interface

altered

authenticated user

brocade switch

port display

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

JSON

Brocade
Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not
properly represent the portName to the user if the portName contains
reserved characters. This could allow an authenticated user to alter the
UI of the Brocade Switch and change ports display.

CNA Affected

[
  {
    "vendor": "Brocade",
    "product": "Fabric OS",
    "versions": [
      {
        "status": "affected",
        "version": "Versions v9.x and before v9.2.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security.netapp.com/advisory/ntap-20240628-0005/

support.broadcom.com/external/content/SecurityAdvisories/0/23214

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

JSON

Related for VULNRICHMENT:CVE-2023-5973