MidnightBSD

Advisories for brocade

CVE-2004-1663 MEDIUM

Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
engenio storage_controller 2822
brocade silkworm 3800
ibm ds4100 *
brocade silkworm 3850
brocade silkworm 3250
brocade silkworm 3200
brocade silkworm 3900
brocade silkworm_fiber_channel_switch 2010
broadcom fabric_operating_system 3.1
engenio storage_controller 5884
storagetek d280 *
engenio storage_controller 2882
broadcom fabric_operating_system 2.1.2
brocade silkworm_fiber_channel_switch 2050
engenio storage_controller 4884
broadcom fabric_operating_system 2.2
brocade silkworm_fiber_channel_switch 2040
CVE-2011-2760 MEDIUM

Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
brocade bigiron_rx_switch *
CVE-2013-7306 MEDIUM

The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
brocade mlx -
brocade netiron_xmr -
brocade adx -
brocade turboiron -
brocade vdx -
brocade netiron_cer -
brocade icx -
brocade vyatta -
brocade fastiron -
brocade bigiron_rx -
brocade netiron_ces -
CVE-2013-7307 MEDIUM

The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
brocade vyatta_vrouter_software *
brocade vyatta_vrouter -
CVE-2014-4868 HIGH

The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
brocade vyatta_5400_vrouter -
brocade vyatta_5400_vrouter_software 6.7
brocade vyatta_5400_vrouter_software 6.6
brocade vyatta_5400_vrouter_software 6.4
CVE-2014-4869 MEDIUM

The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
brocade vyatta_5400_vrouter -
brocade vyatta_5400_vrouter_software 6.7
brocade vyatta_5400_vrouter_software 6.6
brocade vyatta_5400_vrouter_software 6.4
CVE-2014-4870 HIGH

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
brocade vyatta_5400_vrouter -
brocade vyatta_5400_vrouter_software 6.7
brocade vyatta_5400_vrouter_software 6.6
brocade vyatta_5400_vrouter_software 6.4
CVE-2016-8201 MEDIUM

A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
brocade virtual_traffic_manager *
CVE-2016-8203 HIGH

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
brocade netiron_os *
brocade netiron_os 6.0.00a
brocade netiron_os 6.0.00
CVE-2016-8205 HIGH

A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
brocade network_advisor *
CVE-2016-8206 MEDIUM

A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
brocade network_advisor *
CVE-2016-8207 MEDIUM

A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
brocade network_advisor *
CVE-2016-8209 MEDIUM

Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
brocade netiron_ces_series_firmware -
brocade netiron_cer_series_firmware -
brocade netiron_xmr_series_firmware -
brocade netiron_mlx_series_firmware -
CVE-2017-6225 MEDIUM

Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
brocade fabric_os 8.1.0c1
broadcom fabric_operating_system 8.0.2
brocade fabric_os 8.0.2b1
broadcom fabric_operating_system *
brocade fabric_os 8.0.1b1
broadcom fabric_operating_system 8.1.1
CVE-2017-6227 MEDIUM

A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom fabric_operating_system 8.0.0
broadcom fabric_operating_system 8.0.2
broadcom fabric_operating_system 8.0.1
broadcom fabric_operating_system 8.1.2
broadcom fabric_operating_system 8.1.0
broadcom fabric_operating_system *
brocade fabric_os 8.0.2b2
broadcom fabric_operating_system 8.1.1
CVE-2018-6443 MEDIUM

A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
brocade network_advisor *
netapp brocade_network_advisor -
CVE-2018-6444 HIGH

A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
brocade network_advisor *
netapp brocade_network_advisor -
CVE-2018-6445 MEDIUM

A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
brocade network_advisor *
netapp brocade_network_advisor -
CVE-2020-13630 MEDIUM

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
oracle outside_in_technology 8.5.4
canonical ubuntu_linux 20.04
oracle communications_network_charging_and_control 6.0.1
sqlite sqlite *
fedoraproject fedora 32
apple icloud *
oracle communications_network_charging_and_control *
oracle zfs_storage_appliance_kit 8.8
apple itunes *
canonical ubuntu_linux 19.10
netapp solidfire,_enterprise_sds_&_hci_storage_node -
siemens sinec_infrastructure_network_services *
oracle outside_in_technology 8.5.5
apple ipados *
netapp cloud_backup -
brocade fabric_operating_system -
apple iphone_os *
apple macos *
apple tvos *
apple watchos *
netapp hci_compute_node_firmware -
canonical ubuntu_linux 18.04
canonical ubuntu_linux 16.04
debian debian_linux 9.0
CVE-2020-13631 LOW

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle outside_in_technology 8.5.5
apple ipados *
netapp cloud_backup -
oracle outside_in_technology 8.5.4
brocade fabric_operating_system -
canonical ubuntu_linux 20.04
apple iphone_os *
apple macos *
oracle communications_network_charging_and_control 6.0.1
sqlite sqlite *
fedoraproject fedora 32
apple tvos *
apple icloud *
oracle communications_network_charging_and_control *
oracle zfs_storage_appliance_kit 8.8
apple itunes *
apple watchos *
canonical ubuntu_linux 19.10
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp hci_compute_node_firmware -
canonical ubuntu_linux 18.04
siemens sinec_infrastructure_network_services *
canonical ubuntu_linux 16.04
CVE-2020-13632 LOW

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
oracle outside_in_technology 8.5.5
netapp cloud_backup -
oracle outside_in_technology 8.5.4
brocade fabric_operating_system -
canonical ubuntu_linux 20.04
oracle communications_network_charging_and_control 6.0.1
sqlite sqlite *
fedoraproject fedora 32
oracle communications_network_charging_and_control *
oracle zfs_storage_appliance_kit 8.8
canonical ubuntu_linux 19.10
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp hci_compute_node_firmware -
canonical ubuntu_linux 18.04
siemens sinec_infrastructure_network_services *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
CVE-2021-22555 MEDIUM

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve-coordination@google.com 8.3 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
netapp h700s_firmware -
netapp hci_management_node -
netapp h300s_firmware -
netapp cloud_backup -
brocade fabric_operating_system -
netapp aff_500f_firmware -
netapp h410c_firmware -
netapp c400_firmware -
netapp h615c_firmware -
netapp aff_a250_firmware -
netapp fas_8300_firmware -
netapp solidfire -
netapp h610s_firmware -
netapp h500s_firmware -
linux linux_kernel *
netapp aff_a400_firmware -
netapp solidfire_baseboard_management_controller *
netapp h410s_firmware -
netapp h610c_firmware -
netapp fas_8700_firmware -
netapp c250_firmware -
CVE-2022-22576 MEDIUM

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-306,

Products Affected

Vendor Product Version
netapp clustered_data_ontap -
netapp h700s_firmware -
netapp h300s_firmware -
brocade fabric_operating_system -
haxx curl *
debian debian_linux 10.0
netapp bootstrap_os -
netapp h500s_firmware -
debian debian_linux 11.0
netapp solidfire_&_hci_storage_node -
netapp solidfire_&_hci_management_node -
netapp h410s_firmware -
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
CVE-2022-27774 LOW

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
netapp clustered_data_ontap -
netapp h700s_firmware -
netapp h300s_firmware -
brocade fabric_operating_system -
netapp hci_bootstrap_os -
haxx curl *
debian debian_linux 10.0
netapp h500s_firmware -
debian debian_linux 11.0
netapp solidfire_&_hci_storage_node -
netapp solidfire_&_hci_management_node -
netapp h410s_firmware -
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
CVE-2022-27775 MEDIUM

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp clustered_data_ontap -
netapp h700s_firmware -
netapp h300s_firmware -
brocade fabric_operating_system -
netapp hci_bootstrap_os -
haxx curl *
netapp h500s_firmware -
debian debian_linux 11.0
netapp solidfire_&_hci_storage_node -
netapp solidfire_&_hci_management_node -
netapp h410s_firmware -
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
CVE-2022-27776 MEDIUM

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
netapp clustered_data_ontap -
netapp h700s_firmware -
netapp h300s_firmware -
brocade fabric_operating_system -
netapp hci_bootstrap_os -
haxx curl *
debian debian_linux 10.0
fedoraproject fedora 36
netapp h500s_firmware -
debian debian_linux 11.0
netapp solidfire_&_hci_storage_node -
netapp solidfire_&_hci_management_node -
netapp h410s_firmware -
fedoraproject fedora 37
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
CVE-2022-28161 LOW

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
brocade sannav *
CVE-2022-33186

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.

Products Affected

Vendor Product Version
brocade fabric_operating_system 9.0.1e
brocade fabric_operating_system 9.1.1
brocade fabric_operating_system 7.4.2j
brocade fabric_operating_system 8.2.3c
CVE-2023-4162

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
sirt@brocade.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
brocade fabric_operating_system *
CVE-2024-1509

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Products Affected

Vendor Product Version
brocade active_support_connectivity_gateway *
CVE-2024-7517

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.

Products Affected

Vendor Product Version
brocade fabric_operating_system *
CVE-2025-4663

An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2

Products Affected

Vendor Product Version
brocade fabric_operating_system *
brocade fabric_operating_system 9.2.2
CVE-2025-6391

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

Products Affected

Vendor Product Version
brocade ascg *
CVE-2025-7397

A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches.

Products Affected

Vendor Product Version
brocade ascg *
CVE-2025-7398

Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.

Products Affected

Vendor Product Version
brocade ascg *