
cpe:2.3:a:brocade:brocade_fabric_os:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Brocade (6fdec8a1-a3f9-5249-a7b8-f2ff93df10fc)
Product: Brocade Fabric Os (ad005fe9-dea2-5477-960a-0dcfefb4f017)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-5462 vulnerable 2026-06-03 14:57:52.870126 Brocade Fabric OS may capture SNMP Passwords in clear text
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.
Published: 2025-02-14T23:48:54.368Z
Updated: 2025-02-18T16:26:54.617Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5461 vulnerable 2026-06-03 14:57:52.866769 Command or parameter injection via unique embedded switch SNMP commands.
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root.
Published: 2025-02-15T00:06:56.950Z
Updated: 2025-09-09T18:59:55.320Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4163 vulnerable 2026-06-03 14:53:27.434036 Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
MEDIUM (4.4)
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
Published: 2023-08-31T00:04:39.287Z
Updated: 2025-06-26T14:21:55.181Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-31430 vulnerable 2026-06-03 14:51:55.748871 buffer overflow vulnerability in “secpolicydelete” command
MEDIUM (5.5)
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.
Published: 2023-08-01T23:31:00.376Z
Updated: 2025-02-13T16:50:11.199Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-31426 vulnerable 2026-06-03 14:51:55.741678 scp, sftp, ftp servers passwords in supportsave
MEDIUM (6.8)
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
Published: 2023-08-01T21:18:55.037Z
Updated: 2024-08-02T14:53:31.068Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-27798 vulnerable 2026-06-03 14:44:16.624632 privileged directory transversal in Brocade Fabric OS versions 7.4.1.x and 7.3.x
A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report.
Published: 2022-08-05T15:24:40.000Z
Updated: 2025-02-15T00:16:51.895Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16204 vulnerable 2026-06-03 14:39:53.996411 Details available
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
Published: 2020-02-05T15:16:23.000Z
Updated: 2024-08-05T01:10:41.440Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16203 vulnerable 2026-06-03 14:39:53.995423 Details available
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
Published: 2020-02-05T15:16:01.000Z
Updated: 2024-08-05T01:10:41.488Z
Imported from gcve-enriched-dumps CVE data
