CVE-2023-31426

Description

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected products

Brocade / Brocade Fabric OSbefore Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 – before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0

References

VENDOR_ADVISORYhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377
MISChttps://security.netapp.com/advisory/ntap-20230908-0007/