PT-2024-2638 · Brocade · Brocade Fabric OS

Omar Eissa +1 · Published 2024-04-04 · Updated 2024-06-28 · CVE-2023-3454

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Brocade Fabric OS versions 9.0 through 9.2.0

Description

A remote code execution vulnerability exists in Brocade Fabric OS, allowing an attacker to execute arbitrary code and gain root access to the Brocade switch. The issue arises because special elements used in an operating system command are not neutralized. Exploitation could enable a remote attacker to execute arbitrary code and elevate their privileges to the root level.

Recommendations

For Brocade Fabric OS versions 9.0 through 9.2.0, update to version 9.2.0 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-02705
CVE-2023-3454

Affected Products

Brocade Fabric OS