Remote Code Execution Vulnerability in Brocade Network Advisor by Broadcom
CVE-2018-6443
8.1 HIGH
Key Information:
- Status
- Vendor
- CVE Published: 22 January 2019
What is CVE-2018-6443?
A vulnerability in Brocade Network Advisor prior to version 14.3.1 allows an unauthenticated remote attacker to gain unauthorized access to the JBoss Administration interface. By utilizing undocumented user credentials, an attacker can install additional JEE applications. Moreover, if the attacker has access to the Network Advisor client libraries and can decrypt the JBoss credentials, they may exploit this flaw to access the JBoss web console, compromising system security.
Affected Version(s)
Brocade Network Advisor: all versions prior to version 14.3.1
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
- Score: 8.1
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved