Vulnerabilities > Broadcom > Fabric Operating System

DATE CVE VULNERABILITY TITLE RISK
2024-06-26 CVE-2024-29954 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files.
local
low complexity
broadcom CWE-532
5.5
2023-12-06 CVE-2021-27795 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys.
network
high complexity
broadcom CWE-327
8.1
2023-08-31 CVE-2023-4163 Classic Buffer Overflow vulnerability in Broadcom Fabric Operating System
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
local
low complexity
broadcom CWE-120
4.4
2023-08-31 CVE-2023-3489 Cleartext Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System 9.2.0
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
network
low complexity
broadcom CWE-312
7.5
2023-08-01 CVE-2023-31427 Path Traversal vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege.
local
low complexity
broadcom CWE-22
7.8
2023-08-01 CVE-2023-31426 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave.
network
low complexity
broadcom CWE-532
6.5
2023-08-01 CVE-2023-31425 OS Command Injection vulnerability in Broadcom Fabric Operating System 9.1.0
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell.
local
low complexity
broadcom CWE-78
7.8
2023-08-01 CVE-2023-31429 Command Injection vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
local
low complexity
broadcom CWE-77
5.5
2022-10-25 CVE-2022-28169 Improper Privilege Management vulnerability in Broadcom Fabric Operating System
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user.
network
low complexity
broadcom CWE-269
8.8
2022-10-25 CVE-2022-28170 Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements.
local
low complexity
broadcom CWE-922
6.5