CVE-2022-33185

HIGH

Brocade Fabric OS <9.0.1e and 9.1.0 - Authenticated Local Root Code Execution via Stack Overflow

Title source: manual

Description

Several commands in Brocade Fabric OS before v9.0.1e, and v9.1.0, use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to trigger stack-based buffer overflows, allowing arbitrary code execution as the root user account.

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 18.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-787
Status published
Products (1)
broadcom/fabric_operating_system < 9.0.1e
Published Oct 25, 2022
Tracked Since Feb 18, 2026