Local Shell Escape Vulnerability in Brocade Fabric OS Command Line Interface
CVE-2018-6439

7.8 HIGH

Key Information:

Vendor
CVE Published: 29 October 2018

What is CVE-2018-6439?

A vulnerability exists in the configdownload command of the Brocade Fabric OS command line interface. It affects versions prior to the fixed releases listed under Affected Version(s). The flaw allows a local attacker to escape the restricted shell environment, which can lead to unauthorized access to elevated privileges, including root. An attacker who exploits it can execute arbitrary commands on the system, posing significant risks to data integrity and device security. To mitigate, upgrade to the latest secure versions of Brocade Fabric OS as specified in the advisory.

Affected Version(s)

Brocade Fabric OS: all versions prior to 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d
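
One way to check a switch inventory against the fixed releases listed above, as an added example that is not part of the original advisory or any vendor tooling. It assumes each listed fix applies to its own major.minor branch and that version strings look like v8.1.2f; the inventory is constructed.

```python
import re

# Fixed releases named on the page, keyed by (major, minor) branch.
# Mapping each fix to its own branch is an assumption of this example.
FIXED = {(8, 2): (1, ""), (8, 1): (2, "f"), (8, 0): (2, "f"), (7, 4): (2, "d")}

# Assumed grammar: optional "v", three numeric fields, optional letter suffix.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_version(text):
    """Return ((major, minor), (patch, suffix)) for a Fabric OS version string."""
    m = VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor)), (int(patch), suffix)


def is_affected(text):
    """True if the version predates the fixed release for CVE-2018-6439."""
    branch, level = parse_version(text)
    if branch in FIXED:
        return level < FIXED[branch]      # e.g. (2, "e") < (2, "f")
    # Branches newer than every listed fix are treated as fixed; any other
    # branch has no fixed release on the page, so it is reported as affected.
    return branch < max(FIXED)


def audit(inventory):
    """Split (switch, version) pairs into affected, fixed and unparsable names."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for name, version in inventory:
        try:
            key = "affected" if is_affected(version) else "fixed"
        except ValueError:
            key = "unknown"               # never assume an odd string is safe
        report[key].append(name)
    return report


# Constructed sample inventory (switch names and versions are made up).
SAMPLE = [("sw-core-01", "v8.2.0a"), ("sw-core-02", "v8.2.1"),
          ("sw-edge-01", "8.1.2f"), ("sw-edge-02", "v8.0.2e"),
          ("sw-old-01", "v7.3.1c"), ("sw-old-02", "v7.4.2d"),
          ("sw-lab-01", "unknown")]

if __name__ == "__main__":
    for status, names in audit(SAMPLE).items():
        print(f"{status}: {', '.join(names)}")
```

Switches reported as unknown need a manual check of their firmware string before they are counted as fixed.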

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
