Vulnerabilities > Broadcom > Fabric Operating System > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2021-27795 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys.
network
high complexity
broadcom CWE-327
8.1
2023-08-31 CVE-2023-3489 Cleartext Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System 9.2.0
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
network
low complexity
broadcom CWE-312
7.5
2023-08-01 CVE-2023-31427 Path Traversal vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege.
local
low complexity
broadcom CWE-22
7.8
2023-08-01 CVE-2023-31425 OS Command Injection vulnerability in Broadcom Fabric Operating System 9.1.0
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell.
local
low complexity
broadcom CWE-78
7.8
2022-10-25 CVE-2022-28169 Improper Privilege Management vulnerability in Broadcom Fabric Operating System
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user.
network
low complexity
broadcom CWE-269
8.8
2022-10-25 CVE-2022-33178 Improper Input Validation vulnerability in Broadcom Fabric Operating System
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
network
low complexity
broadcom CWE-20
7.2
2022-10-25 CVE-2022-33179 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
local
low complexity
broadcom
8.8
2022-10-25 CVE-2022-33182 Unspecified vulnerability in Broadcom Fabric Operating System
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.
local
low complexity
broadcom
7.8
2022-10-25 CVE-2022-33183 Out-of-bounds Write vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.
network
low complexity
broadcom CWE-787
8.8
2022-10-25 CVE-2022-33184 Out-of-bounds Write vulnerability in Broadcom Fabric Operating System
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
local
low complexity
broadcom CWE-787
7.8