Vulnerabilities > Broadcom > Fabric Operating System > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-33185 Out-of-bounds Write vulnerability in Broadcom Fabric Operating System
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input.
local
low complexity
broadcom CWE-787
7.8
2021-08-12 CVE-2021-27790 Out-of-bounds Write vulnerability in Broadcom Fabric Operating System
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input.
local
low complexity
broadcom CWE-787
7.8
2021-08-12 CVE-2021-27792 Unspecified vulnerability in Broadcom Fabric Operating System
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.
local
low complexity
broadcom
7.8
2021-08-12 CVE-2021-27794 Improper Authentication vulnerability in Broadcom Fabric Operating System
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
local
low complexity
broadcom CWE-287
7.8
2021-06-09 CVE-2020-15387 Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
network
high complexity
broadcom CWE-326
7.4
2021-06-09 CVE-2020-15383 Unspecified vulnerability in Broadcom Fabric Operating System
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
network
low complexity
broadcom
7.5
2020-12-09 CVE-2020-29661 Improper Locking vulnerability in multiple products
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
7.8
2020-09-25 CVE-2018-6448 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
network
low complexity
broadcom
7.5
2020-09-25 CVE-2020-15369 Weak Password Requirements vulnerability in Broadcom Fabric Operating System
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server.
network
low complexity
broadcom CWE-521
8.8
2020-07-24 CVE-2020-15778 OS Command Injection vulnerability in multiple products
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument.
local
low complexity
openbsd netapp broadcom CWE-78
7.8