CVE-2024-7516
12.11.2024, 19:15
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.Enginsight
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 𝑥 < 9.2.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-322 - Key Exchange without Entity AuthenticationThe software performs a key exchange with an actor without verifying the identity of that actor.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.