CVE-2024-5461

HIGH

Brocade 6547 - Command Injection

Title source: llm

Description

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root.

References (1)

[Various Sources] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411

Scores

CVSS v3 8.0

EPSS 0.0012

EPSS Percentile 31.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (1)

broadcom/fabric_operating_system < 8.2.3e1

Timeline

Published Feb 15, 2025

Tracked Since Feb 18, 2026