A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
References
Link | Resource |
---|---|
https://security.netapp.com/advisory/ntap-20230908-0007/ | Third Party Advisory |
https://support.broadcom.com/external/content/SecurityAdvisories/0/22407 | Vendor Advisory |
Configurations
History
04 Aug 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
CPE | cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://support.broadcom.com/external/content/SecurityAdvisories/0/22407 - Vendor Advisory |
01 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-01 21:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-31425
Mitre link : CVE-2023-31425
CVE.ORG link : CVE-2023-31425
JSON object : View
Products Affected
broadcom
- fabric_operating_system
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')