CVE-2023-3454 - Vulnerability Details - OpenCVE

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20240628-0004/
https://support.broadcom.com/external/content/SecurityAdvisories/0/23215

History

Thu, 13 Feb 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description	Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.	Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.

Tue, 04 Feb 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom fabric Operating System
CPEs		cpe:2.3:o:broadcom:fabric_operating_system::::::::
Vendors & Products		Broadcom Broadcom fabric Operating System

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2024-04-04T17:03:54.171Z

Updated: 2025-02-13T16:55:37.820Z

Reserved: 2023-06-28T21:20:18.502Z

Link: CVE-2023-3454

Vulnrichment

Updated: 2024-08-02T06:55:03.530Z

NVD

Status : Modified

Published: 2024-04-04T17:15:09.000

Modified: 2025-02-13T17:16:56.757

Link: CVE-2023-3454

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-3454", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2023-06-28T21:20:18.502Z", "datePublished": "2024-04-04T17:03:54.171Z", "dateUpdated": "2025-02-13T16:55:37.820Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fabric OS", "vendor": "Brocade", "versions": [{"status": "affected", "version": "after v9.0 and before v9.2.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.<br><br>"}], "value": "Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-06-28T16:05:56.190Z"}, "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215"}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0004/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "broadcom", "product": "brocade_fabric_operating_system", "cpes": ["cpe:2.3:o:broadcom:brocade_fabric_operating_system:9.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.0", "status": "affected", "lessThan": "9.2.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-08T13:23:36.479859Z", "id": "CVE-2023-3454", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:00:34.252Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.530Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0004/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0004/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.530Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3454", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-08T13:23:36.479859Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:broadcom:brocade_fabric_operating_system:9.0:*:*:*:*:*:*:*"], "vendor": "broadcom", "product": "brocade_fabric_operating_system", "versions": [{"status": "affected", "version": "9.0", "lessThan": "9.2.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:00:30.121Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brocade ", "product": "Fabric OS", "versions": [{"status": "affected", "version": "after v9.0 and before v9.2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215"}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0004/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.\n\n", "supportingMedia": [{"type": "text/html", "value": "Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.<br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-04-04T17:03:54.171Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3454", "state": "PUBLISHED", "dateUpdated": "2024-08-02T06:55:03.530Z", "dateReserved": "2023-06-28T21:20:18.502Z", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "datePublished": "2024-04-04T17:03:54.171Z", "assignerShortName": "brocade"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B028C8E-8910-4F2C-8029-CC8AAC644A15", "versionEndExcluding": "9.1.1d1", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en Brocade Fabric OS posterior a v9.0 y anterior a v9.2.0 podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario y usarlo para obtener acceso ra\u00edz al conmutador Brocade."}], "id": "CVE-2023-3454", "lastModified": "2025-02-13T17:16:56.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "sirt@brocade.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-04T17:15:09.000", "references": [{"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240628-0004/"}, {"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240628-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23215"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "sirt@brocade.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}