Directory Traversal Vulnerability in Brocade Network Advisor
CVE-2016-8206

7.5HIGH

Key Information:

Vendor

Brocade
Status
Brocade Network Advisor Versions Released Prior To And Including 14.0.2
Vendor
CVE Published:
14 January 2017

What is CVE-2016-8206?

A Directory Traversal vulnerability exists in the servlet SoftwareImageUpload of Brocade Network Advisor versions up to and including 14.0.2. This security flaw permits authenticated remote attackers to gain unauthorized access to files on the server. By exploiting this vulnerability, attackers can manipulate file paths and write to arbitrary directories, which may lead to unauthorized file deletions or modifications, thereby compromising the integrity and confidentiality of the impacted system.

Affected Version(s)

Brocade Network Advisor released prior to and including 14.0.2 Brocade Network Advisor versions released prior to and including 14.0.2

References

http://www.securityfocus.com/bid/95692
vdb-entryx_refsource_BID
http://www.zerodayinitiative.com/advisories/ZDI-17-051
x_refsource_MISC
https://www.broadcom.com/support/fibre-channel-networking...
x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-8206 : Directory Traversal Vulnerability in Brocade Network Advisor