PT-2024-14853 · Brocade · Brocade Fabric Os
Omar Eissa
·
Published
2024-04-04
·
Updated
2024-06-28
·
CVE-2023-5973
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Brocade Fabric OS versions 9.x through 9.1.9
Brocade Fabric OS version 9.2.0 and later are not affected, but since the range is specified as 'before v9.2.0', we can simplify to:
Brocade Fabric OS versions prior to 9.2.0
Description
The issue is related to the Brocade Web Interface in Brocade Fabric OS, where it does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.
Recommendations
For Brocade Fabric OS versions prior to 9.2.0, update to version 9.2.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Web Interface to minimize the risk of exploitation.
Fix
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Fabric Os