CVE-2023-5973 - Vulnerability Details - OpenCVE

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20240628-0005/
https://support.broadcom.com/external/content/SecurityAdvisories/0/23214

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description	Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.	Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display.

Tue, 04 Feb 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom fabric Operating System
CPEs		cpe:2.3:o:broadcom:fabric_operating_system::::::::
Vendors & Products		Broadcom Broadcom fabric Operating System

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2024-04-05T02:33:46.116Z

Updated: 2025-02-13T17:25:59.081Z

Reserved: 2023-11-06T20:20:06.784Z

Link: CVE-2023-5973

Vulnrichment

Updated: 2024-08-02T08:14:25.193Z

NVD

Status : Modified

Published: 2024-04-05T03:15:07.770

Modified: 2025-02-13T18:16:02.713

Link: CVE-2023-5973

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-5973", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2023-11-06T20:20:06.784Z", "datePublished": "2024-04-05T02:33:46.116Z", "dateUpdated": "2025-02-13T17:25:59.081Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fabric OS", "vendor": "Brocade", "versions": [{"status": "affected", "version": "Versions v9.x and before v9.2.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Brocade\n Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not \nproperly represent the portName to the user if the portName contains \nreserved characters. This could allow an authenticated user to alter the\n UI of the Brocade Switch and change ports display."}], "value": "Brocade\n Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not \nproperly represent the portName to the user if the portName contains \nreserved characters. This could allow an authenticated user to alter the\n UI of the Brocade Switch and change ports display."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-06-28T16:05:57.743Z"}, "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23214"}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0005/"}], "source": {"discovery": "UNKNOWN"}, "title": "Truncated port name", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-05T15:54:19.812462Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:45.659Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.193Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23214", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0005/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23214", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0005/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.193Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-05T15:54:19.812462Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.199Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Truncated port name", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brocade", "product": "Fabric OS", "versions": [{"status": "affected", "version": "Versions v9.x and before v9.2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23214"}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0005/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Brocade\n Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not \nproperly represent the portName to the user if the portName contains \nreserved characters. This could allow an authenticated user to alter the\n UI of the Brocade Switch and change ports display.", "supportingMedia": [{"type": "text/html", "value": "Brocade\n Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not \nproperly represent the portName to the user if the portName contains \nreserved characters. This could allow an authenticated user to alter the\n UI of the Brocade Switch and change ports display.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-06-28T16:05:57.743Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5973", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:25:59.081Z", "dateReserved": "2023-11-06T20:20:06.784Z", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "datePublished": "2024-04-05T02:33:46.116Z", "assignerShortName": "brocade"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "34B4DD91-794C-41EC-BA06-19BF0F91F188", "versionEndExcluding": "9.2.0", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Brocade\n Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not \nproperly represent the portName to the user if the portName contains \nreserved characters. This could allow an authenticated user to alter the\n UI of the Brocade Switch and change ports display."}, {"lang": "es", "value": "La interfaz web de Brocade en Brocade Fabric OS v9.x y versiones anteriores a v9.2.0 no representa correctamente el nombre del puerto para el usuario si el nombre del puerto contiene caracteres reservados. Esto podr\u00eda permitir a un usuario autenticado alterar la interfaz de usuario del Brocade Switch y cambiar la visualizaci\u00f3n de los puertos."}], "id": "CVE-2023-5973", "lastModified": "2025-02-13T18:16:02.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "sirt@brocade.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-05T03:15:07.770", "references": [{"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240628-0005/"}, {"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240628-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23214"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "sirt@brocade.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}