PT-2023-23313 · Brocade · Brocade Fabric Os

Published

2023-08-01

Updated

2023-11-02

CVE-2023-31425

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions 9.1.0 through 9.1.1

Description A vulnerability in the fosexec command could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.

Recommendations For Brocade Fabric OS versions 9.1.0 through 9.1.1, update to Brocade Fabric OS v9.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the fosexec command to minimize the risk of exploitation.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2023-31425

Affected Products

Brocade Fabric Os

PT-2023-23313 · Brocade · Brocade Fabric Os

CVE-2023-31425

Weakness Enumeration

Related Identifiers

Affected Products

References · 6