4.6
CVE-2025-58381
- EPSS 0.01%
- Veröffentlicht 03.02.2026 06:15:52
- Zuletzt bearbeitet 06.02.2026 20:53:22
- Quelle sirt@brocade.com
- CVE-Watchlists
- Unerledigt
Directory transversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Broadcom ≫ Fabric Operating System Version < 9.2.1c2
Broadcom ≫ Fabric Operating System Version >= 9.2.2 < 9.2.2b
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.002 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.3 | 0.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
| sirt@brocade.com | 4.6 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-35 Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.