CVE-2023-31427

Description

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Brocade / Fabric OSafter 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c – after 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c

References

VENDOR_ADVISORYhttps://support.broadcom.com/external/content/SecurityAdvisories/0/22379
MISChttps://security.netapp.com/advisory/ntap-20230908-0007/