Description
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
High
Attack Requirements
Present
Privileges Required
None
User Interaction
Passive
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- Brocade / Fabric OSbefore 9.2.2 – before 9.2.2