Broadcom: >> Fabric Operating System >> 8.0.2c Security Vulnerabilities
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-03
A
vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an
authenticated attacker with admin privileges using the shell commands
“source, ping6, sleep, disown, wait to modify the path variables and
move upwards in the directory structure or to traverse to different
directories.
CVSS Score
2.3
EPSS Score
0.0
Published
2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.
CVSS Score
2.3
EPSS Score
0.0
Published
2026-02-03
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-03
A vulnerability in the secure configuration of authentication and
management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could
allow an authenticated, remote attacker with administrative credentials
to execute arbitrary commands as root using “supportsave”,
“seccertmgmt”, “configupload” command.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-02-03
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-02-03
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-03
Implementation of the Simple Network
Management Protocol (SNMP) operating on the Brocade 6547 (FC5022)
embedded switch blade, makes internal script calls to system.sh from
within the SNMP binary. An authenticated attacker could perform command
or parameter injection on SNMP operations that are only enabled on the
Brocade 6547 (FC5022) embedded switch. This injection could allow the
authenticated attacker to issue commands as Root.
CVSS Score
8.0
EPSS Score
0.001
Published
2025-02-15
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-15
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command.
This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-11-21
Page 1