CVE-2023-3454

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://security.netapp.com/advisory/ntap-20240628-0004/	Third Party Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23215	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240628-0004/	Third Party Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23215	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

History

13 Feb 2025, 17:16

Type	Values Removed	Values Added
Summary	(en) Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.	(en) Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

04 Feb 2025, 15:29

Type	Values Removed	Values Added
CPE		cpe:2.3:o:broadcom:fabric_operating_system::::::::
First Time		Broadcom fabric Operating System Broadcom
References	~~() https://security.netapp.com/advisory/ntap-20240628-0004/ -~~	() https://security.netapp.com/advisory/ntap-20240628-0004/ - Third Party Advisory
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23215 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23215 - Vendor Advisory

Information

Published : 2024-04-04 17:15

Updated : 2025-02-13 17:16

NVD link : CVE-2023-3454

Mitre link : CVE-2023-3454

CVE.ORG link : CVE-2023-3454

JSON object : View

Products Affected

broadcom

fabric_operating_system

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-3454", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-04-04T17:15:09.000", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240628-0004/", "tags": ["Third Party Advisory"], "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0004/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en Brocade Fabric OS posterior a v9.0 y anterior a v9.2.0 podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario y usarlo para obtener acceso ra\u00edz al conmutador Brocade."}], "lastModified": "2025-02-13T17:16:56.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B028C8E-8910-4F2C-8029-CC8AAC644A15", "versionEndExcluding": "9.1.1d1", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}