Vulnerabilities > Broadcom > Fabric Operating System > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-21 | CVE-2024-10403 | Files or Directories Accessible to External Parties vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | 7.5 |
| 2024-11-12 | CVE-2024-7516 | Missing Authentication for Critical Function vulnerability in Broadcom Fabric Operating System A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | 7.1 |
| 2024-06-26 | CVE-2024-5460 | Use of Hard-coded Credentials vulnerability in Broadcom Fabric Operating System A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. | 8.1 |
| 2023-12-06 | CVE-2021-27795 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Fabric Operating System Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. | 8.1 |
| 2023-08-31 | CVE-2023-3489 | Cleartext Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System 9.2.0 The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | 7.5 |
| 2023-08-01 | CVE-2023-31427 | Path Traversal vulnerability in Broadcom Fabric Operating System Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. | 7.8 |
| 2023-08-01 | CVE-2023-31425 | OS Command Injection vulnerability in Broadcom Fabric Operating System 9.1.0 A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. | 7.8 |
| 2022-10-25 | CVE-2022-28169 | Improper Privilege Management vulnerability in Broadcom Fabric Operating System Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. | 8.8 |
| 2022-10-25 | CVE-2022-33178 | Improper Input Validation vulnerability in Broadcom Fabric Operating System A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | 7.2 |
| 2022-10-25 | CVE-2022-33179 | Unspecified vulnerability in Broadcom Fabric Operating System A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. | 8.8 |