CVE-2023-4162

MEDIUM

Brocade Fabric OS <9.2.0a - Memory Corruption

Title source: llm

Description

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“.

References (2)

[Vendor Advisory] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20231124-0010/

Scores

CVSS v3 4.4

EPSS 0.0002

EPSS Percentile 5.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-252 CWE-400

Status published

Affected Products (2)

brocade/fabric_operating_system < 9.2.0a

broadcom/fabric_operating_system < 9.2.0a

Timeline

Published Aug 31, 2023

Tracked Since Feb 18, 2026