Privileged Escalation via Command Injection on Brocade IP Extension Platforms
CVE-2024-7517

Currently unrated

Key Information:

Vendor: Brocade
Status: Fabric Os
Vendor: CVE Published:; 21 November 2024

What is CVE-2024-7517?

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command.

This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.

Affected Version(s)

Fabric OS Brocade Fabric OS versions before 9.2.0c, and 9.2.1 through 9.2.1a

References

https://support.broadcom.com/web/ecx/support-content-noti...

Timeline

Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Aug 5, 2024