Filtered by vendor Broadcom
Subscriptions
Filtered by product Fabric Operating System
Subscriptions
Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 7.2 High |
| A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | ||||
| CVE-2022-33184 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 7.8 High |
| A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | ||||
| CVE-2022-33183 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 8.8 High |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. | ||||
| CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 7.8 High |
| A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. | ||||
| CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 5.5 Medium |
| An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | ||||
| CVE-2024-3596 | 5 Broadcom, Freeradius, Ietf and 2 more | 12 Brocade Sannav, Fabric Operating System, Freeradius and 9 more | 2025-05-01 | 9 Critical |
| RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | ||||
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-04-30 | 6.7 Medium |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | ||||
| CVE-2016-8202 | 1 Broadcom | 1 Fabric Operating System | 2025-04-20 | N/A |
| A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. | ||||
| CVE-2016-4376 | 2 Broadcom, Hp | 2 Fabric Operating System, Storefabric B Series Switch | 2025-04-12 | N/A |
| HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2025-04-03 | N/A |
| Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | ||||
| CVE-2021-27798 | 1 Broadcom | 1 Fabric Operating System | 2025-02-15 | 5.5 Medium |
| A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report. | ||||
| CVE-2023-5973 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 4.3 Medium |
| Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. | ||||
| CVE-2023-4163 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 4.4 Medium |
| In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | ||||
| CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 8.6 High |
| The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | ||||
| CVE-2023-3454 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 8.6 High |
| Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. | ||||
| CVE-2023-31427 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 7.8 High |
| Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | ||||
| CVE-2023-31425 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 7.8 High |
| A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | ||||
| CVE-2024-10403 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | 7.5 High |
| Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | ||||
| CVE-2024-7516 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | 7.1 High |
| A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | ||||
| CVE-2024-5460 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | 8.1 High |
| A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device. | ||||