Description
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95692
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-051
Various Sources x_refsource_confirm
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us
Scores
CVSS v3
7.5
EPSS
0.1454
EPSS Percentile
96.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (2)
brocade/network_advisor
< 14.0.2
n/a/Brocade Network Advisor versions released prior to and including 14.0.2
Brocade Network Advisor versions released prior to and including 14.0.2
Published
Jan 14, 2017
Tracked Since
Feb 18, 2026