scp, sftp, ftp servers passwords in supportsave
CVE-2023-31426

6.8MEDIUM

Key Information:

Vendor: Brocade
Status: Brocade Fabric Os
Vendor: CVE Published:; 1 August 2023

What is CVE-2023-31426?

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.

Affected Version(s)

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0

References

https://support.broadcom.com/web/ecx/support-content-noti...

https://security.netapp.com/advisory/ntap-20230908-0007/

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 1, 2023
Vulnerability Reserved
Apr 28, 2023