Privileged Escalation via Command Injection on Brocade IP Extension Platforms
CVE-2024-7517

8.5HIGH

Key Information:

Vendor: Brocade
Status: Fabric Os
Vendor: CVE Published:; 21 November 2024

What is CVE-2024-7517?

A command injection vulnerability exists in Brocade Fabric OS that affects specific versions and platforms. This flaw allows a local authenticated attacker to escalate their privileges via the portcfg command. The vulnerability is limited to IP Extension platforms, including Brocade 7810, 7840, 7850, and X6 or X7 directors with the SX-6 blade installed. Attackers need to gain access through SSH or a serial console to exploit this weakness effectively.

Affected Version(s)

Fabric OS Brocade Fabric OS versions before 9.2.0c, and 9.2.1 through 9.2.1a

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Aug 5, 2024

JSON