PT-2023-25047 · Brocade · Brocade Fabric OS
Published: 2023-08-30 · Updated: 2023-11-24
CVE-2023-3489
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Brocade Fabric OS version 9.2.0
Brocade Fabric OS versions prior to 9.2.0
Description
The firmwaredownload command on Brocade Fabric OS could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
Recommendations
For Brocade Fabric OS version 9.2.0, consider disabling the firmwaredownload command until a patch is available to prevent the logging of FTP/SFTP/SCP server passwords in clear text.
For Brocade Fabric OS versions prior to 9.2.0, avoid using the firmwaredownload command for downgrades until a fix is provided to prevent password exposure.
Fix
Cleartext Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Fabric OS