CVE-2024-5461
Severity: HIGH
Broadcom Fabric Operating System < 8.2.3e1 - Authenticated OS Command Injection via SNMP system.sh Calls
Title source: llm
Description
The implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as root.
Scores
CVSS v3: 8.0
EPSS: 0.0015
EPSS Percentile: 35.2%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (1): broadcom/fabric_operating_system < 8.2.3e1
Published: Feb 15, 2025
Tracked Since: Feb 18, 2026