PT-2023-23313 · Brocade · Brocade Fabric Os

Publicado

2023-08-01

Atualizado

2023-11-02

CVE-2023-31425

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions 9.1.0 through 9.1.1

Description A vulnerability in the fosexec command could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.

Recommendations For Brocade Fabric OS versions 9.1.0 through 9.1.1, update to Brocade Fabric OS v9.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the fosexec command to minimize the risk of exploitation.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2023-31425

Produtos afetados

Brocade Fabric Os

PT-2023-23313 · Brocade · Brocade Fabric Os

CVE-2023-31425

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6