CVE-2023-3489

Description

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected products

Brocade / Fabric OSBrocade Fabric OS v9.2.0 – Brocade Fabric OS v9.2.0

References

VENDOR_ADVISORYhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510
MISChttps://security.netapp.com/advisory/ntap-20231124-0003/