CVE-2023-31425

Description

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Brocade / Fabric OSafter Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 – after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1

References

VENDOR_ADVISORYhttps://support.broadcom.com/external/content/SecurityAdvisories/0/22407
MISChttps://security.netapp.com/advisory/ntap-20230908-0007/