CVE-2024-7516

HIGH

Brocade Fabric OS < 9.2.2 - Unauthenticated Service Session Hijacking via SSH Key Forgery

Title source: llm

Description

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow a man-in-the-middle attacker to hijack a remote service session. The hijacking may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS switch is performing various remote operations initiated by a switch admin.

Scores

CVSS v3: 7.1
EPSS: 0.0020
EPSS Percentile: 42.1%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-306, CWE-322
Status: published
Products (1): broadcom/fabric_operating_system < 9.2.2
Published: Nov 12, 2024
Tracked Since: Feb 18, 2026