CVE-2018-6443
HIGHBrocade Network Advisor < 14.3.1 - Credentials Management
Title source: ruleDescription
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jakub Palaczynski · textwebappsjava
https://www.exploit-db.com/exploits/46887
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190411-0005/
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html
Scores
CVSS v3
8.1
EPSS
0.0754
EPSS Percentile
91.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-255
Status
published
Products (2)
brocade/network_advisor
< 14.3.1
netapp/brocade_network_advisor
Published
Jan 22, 2019
Tracked Since
Feb 18, 2026