Broadcom

Fabric Operating System

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.7

CVE-2025-1976

Warnung Medienbericht
  • EPSS 1.03%
  • Veröffentlicht 24.04.2025 03:15:14
  • Zuletzt bearbeitet 29.04.2025 19:49:59

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

7.5

CVE-2024-10403

  • EPSS 0.18%
  • Veröffentlicht 21.11.2024 11:15:16
  • Zuletzt bearbeitet 04.02.2025 15:28:04

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that ...

7.1

CVE-2024-7516

  • EPSS 0.04%
  • Veröffentlicht 12.11.2024 19:15:18
  • Zuletzt bearbeitet 04.02.2025 15:25:22

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is perfor...

9

CVE-2024-3596

Medienbericht
  • EPSS 24.61%
  • Veröffentlicht 09.07.2024 12:15:20
  • Zuletzt bearbeitet 04.09.2025 21:15:32

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Respon...

8.1

CVE-2024-5460

  • EPSS 0.59%
  • Veröffentlicht 26.06.2024 00:15:11
  • Zuletzt bearbeitet 04.02.2025 15:24:36

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vuln...

5.5

CVE-2024-29954

  • EPSS 0.04%
  • Veröffentlicht 26.06.2024 00:15:10
  • Zuletzt bearbeitet 21.11.2024 09:08:41

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such ...

4.3

CVE-2024-29953

  • EPSS 0.27%
  • Veröffentlicht 26.06.2024 00:15:10
  • Zuletzt bearbeitet 04.02.2025 15:19:11

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encod...

4.3

CVE-2023-5973

  • EPSS 0.2%
  • Veröffentlicht 05.04.2024 03:15:07
  • Zuletzt bearbeitet 13.02.2025 18:16:02

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and ...

6.3

CVE-2024-24795

  • EPSS 1.22%
  • Veröffentlicht 04.04.2024 20:15:08
  • Zuletzt bearbeitet 30.06.2025 12:55:47

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, ...

7.3

CVE-2023-38709

  • EPSS 5.8%
  • Veröffentlicht 04.04.2024 20:15:08
  • Zuletzt bearbeitet 30.06.2025 12:59:08

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.