Privileged Escalation via Command Injection on Brocade IP Extension Platforms
CVE-2024-7517
8.5HIGH
What is CVE-2024-7517?
A command injection vulnerability exists in Brocade Fabric OS that affects specific versions and platforms. This flaw allows a local authenticated attacker to escalate their privileges via the portcfg command. The vulnerability is limited to IP Extension platforms, including Brocade 7810, 7840, 7850, and X6 or X7 directors with the SX-6 blade installed. Attackers need to gain access through SSH or a serial console to exploit this weakness effectively.
Affected Version(s)
Fabric OS Brocade Fabric OS versions before 9.2.0c, and 9.2.1 through 9.2.1a