CVE-2023-31425

EUVD-2023-35733
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
brocadeCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
broadcomfabric_operating_system
9.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.netapp.com/advisory/ntap-20230908-0007/
https://support.broadcom.com/external/content/SecurityAdvisories/0/22407
https://security.netapp.com/advisory/ntap-20230908-0007/
https://support.broadcom.com/external/content/SecurityAdvisories/0/22407