Privileged Escalation via Command Injection on Brocade IP Extension Platforms
CVE-2024-7517

8.5HIGH

Key Information:

Vendor

Brocade

Status
Vendor
CVE Published:
21 November 2024

What is CVE-2024-7517?

A command injection vulnerability exists in Brocade Fabric OS that affects specific versions and platforms. This flaw allows a local authenticated attacker to escalate their privileges via the portcfg command. The vulnerability is limited to IP Extension platforms, including Brocade 7810, 7840, 7850, and X6 or X7 directors with the SX-6 blade installed. Attackers need to gain access through SSH or a serial console to exploit this weakness effectively.

Affected Version(s)

Fabric OS Brocade Fabric OS versions before 9.2.0c, and 9.2.1 through 9.2.1a

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.