← back
CVE-2023-31427

Knowledge of full path name

CVSS 7.8 HIGHEPSS 0.2%CWE-22
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Brocade · Fabric OS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.netapp.com/advisory/ntap-20230908-0007/https://support.broadcom.com/external/content/SecurityAdvisories/0/22379