Directory Traversal Vulnerability in Brocade Network Advisor by Brocade
CVE-2016-8205

9.8CRITICAL

Key Information:

Vendor

Brocade
Status
Brocade Network Advisor Versions Released Prior To And Including 14.0.2
Vendor
CVE Published:
14 January 2017

What is CVE-2016-8205?

A directory traversal vulnerability exists in the DashboardFileReceiveServlet component of Brocade Network Advisor, allowing remote attackers to upload malicious files to an executable location within the file system. This flaw can potentially be exploited by attackers to execute harmful scripts, leading to unauthorized access and manipulation of system resources. Organizations using affected versions should evaluate their security posture and apply recommended patches to mitigate exposure.

Affected Version(s)

Brocade Network Advisor released prior to and including 14.0.2 Brocade Network Advisor versions released prior to and including 14.0.2

References

http://www.zerodayinitiative.com/advisories/ZDI-17-050
x_refsource_MISC
https://www.broadcom.com/support/fibre-channel-networking...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95694
vdb-entryx_refsource_BID

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-8205 : Directory Traversal Vulnerability in Brocade Network Advisor by Brocade