Brocade Fabric OS RCE Vulnerability Allows Arbitrary Code Execution and Root Access
CVE-2023-3454

9.8CRITICAL

Key Information:

Vendor: Brocade
Status: Fabric Os
Vendor: CVE Published:; 4 April 2024

What is CVE-2023-3454?

A vulnerability exists in Brocade Fabric OS that enables remote code execution, which could allow an attacker to execute arbitrary commands on affected systems. This poses serious risks as attackers might exploit this flaw to gain unauthorized root access to switches running vulnerable versions of the software. All enterprises utilizing Brocade Fabric OS versions after 9.0 and before 9.2.0 are at risk, necessitating immediate attention to upgrade and secure their network infrastructure.

Affected Version(s)

Fabric OS after v9.0 and before v9.2.0

References

https://support.broadcom.com/external/content/SecurityAdv...

https://security.netapp.com/advisory/ntap-20240628-0004/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2024