Vulnerabilities > Broadcom > Fabric Operating System > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-26 CVE-2024-29954 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files.
local
low complexity
broadcom CWE-532
5.5
2023-08-31 CVE-2023-4163 Classic Buffer Overflow vulnerability in Broadcom Fabric Operating System
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
local
low complexity
broadcom CWE-120
4.4
2023-08-01 CVE-2023-31426 Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave.
network
low complexity
broadcom CWE-532
6.5
2023-08-01 CVE-2023-31429 Command Injection vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
local
low complexity
broadcom CWE-77
5.5
2022-10-25 CVE-2022-28170 Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements.
local
low complexity
broadcom CWE-922
6.5
2022-10-25 CVE-2022-33180 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.
local
low complexity
broadcom
5.5
2022-10-25 CVE-2022-33181 Unspecified vulnerability in Broadcom Fabric Operating System
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
local
low complexity
broadcom
5.5
2022-08-05 CVE-2021-27798 Path Traversal vulnerability in Broadcom Fabric Operating System 7.3.1D/7.4.1B
A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal.
local
low complexity
broadcom CWE-22
5.5
2022-03-18 CVE-2020-15388 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
network
low complexity
broadcom
4.0
2022-03-18 CVE-2021-27789 Unspecified vulnerability in Broadcom Fabric Operating System
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device.
network
low complexity
broadcom
4.0