CVE-2018-6443

HIGH

Brocade Network Advisor < 14.3.1 - Unauthenticated Remote Code Execution via JBoss Administration Interface

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6443. PoCs published by Jakub Palaczynski.

AI-analyzed exploit summary This exploit leverages hardcoded JBoss JMX credentials to achieve unauthenticated remote code execution on Brocade Network Advisor. It dynamically retrieves the JMX port, imports SSL certificates, and executes arbitrary commands via a reverse shell.

Description

A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jakub Palaczynski · textwebappsjava
https://www.exploit-db.com/exploits/46887

This exploit leverages hardcoded JBoss JMX credentials to achieve unauthenticated remote code execution on Brocade Network Advisor. It dynamically retrieves the JMX port, imports SSL certificates, and executes arbitrary commands via a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Brocade Network Advisor 14.X.X, EMC Connectrix Manager Converged Network Edition 14.4.1, IBM Network Advisor
No auth needed
Prerequisites: Network access to the target system · Java runtime environment · JBoss CLI client library
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.1
EPSS 0.0740
EPSS Percentile 93.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-255
Status published
Products (2)
brocade/network_advisor < 14.3.1
netapp/brocade_network_advisor
Published Jan 22, 2019
Tracked Since Feb 18, 2026