CVE-2024-7516

CVSS v3.1

7.1

High

Vector

AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.2

Description: The issue is related to weaknesses in the authentication procedure of Brocade Fabric OS, allowing a remote attacker to hijack a service session. This could be achieved through man-in-the-middle attacks, potentially enabling the attacker to forge an SSH key while the switch is performing remote operations initiated by an administrator.

Recommendations: For Brocade Fabric OS versions prior to 9.2.2, update to version 9.2.2 or later to resolve the issue. As a temporary workaround, consider restricting remote access to the switch and limiting the use of SSH keys to minimize the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-322

Related Identifiers

BDU:2024-10646

CVE-2024-7516

Affected Products

Brocade Fabric Os

CVE-2024-7516

Weakness Enumeration

Related Identifiers

Affected Products

References · 7