CVE-2023-31427

HIGH

Brocade Fabric OS <9.1.1c, 9.2.0 - Command Injection

Title source: llm

Description

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

References (2)

Core 2

Core References

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230908-0007/

Vendor Advisory

https://support.broadcom.com/external/content/SecurityAdvisories/0/22379

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

broadcom/fabric_operating_system < 9.1.1c

Published Aug 01, 2023

Tracked Since Feb 18, 2026