Command Injection Vulnerability in Brocade 6547 Embedded Switch Blade
CVE-2024-5461

8.6HIGH

Key Information:

Vendor: Brocade
Status: Brocade Fabric Os
Vendor: CVE Published:; 15 February 2025

What is CVE-2024-5461?

A command injection vulnerability exists within the Simple Network Management Protocol (SNMP) implementation on the Brocade 6547 (FC5022) embedded switch blade. This issue arises from the internal script execution that occurs when SNMP operations are performed. An attacker with authentication can exploit this vulnerability to inject arbitrary commands into the SNMP binary, enabling them to execute unauthorized commands with root privileges. Organizations using the Brocade 6547 (FC5022) should review their SNMP configurations and apply necessary security measures to mitigate potential exploitation.

Affected Version(s)

Brocade Fabric OS Brocade 6547 (FC5022) embedded switch blade before 8.2.3e1_pha

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2025
Vulnerability Reserved
May 29, 2024