PT-2023-23315 · Brocade · Brocade Fabric Os
Published
2023-08-01
·
Updated
2024-02-16
·
CVE-2023-31427
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Brocade Fabric OS versions prior to 9.1.1c
Brocade Fabric OS version 9.2.0
Description
The issue allows an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. It is noted that starting with Fabric OS v9.1.0, “root” account access is disabled.
Recommendations
For Brocade Fabric OS versions prior to 9.1.1c, update to version 9.1.1c or later to resolve the issue.
For Brocade Fabric OS version 9.2.0, update to a version later than 9.2.0 to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Fabric Os