Product
broadcom fabric operating system
103 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-9711
< 9.2.1c3
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “roo
7.8
HIGH
CVE-2025-58381
< 9.2.1c2
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell
2.3
LOW
CVE-2025-58380
< 9.2.1
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell comm
2.3
LOW
CVE-2026-0383
< 9.2.1c2
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to acce
7.8
HIGH
CVE-2025-58383
< 9.2.1c2
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command,
7.2
HIGH
CVE-2025-58382
< 9.2.1c2
A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1
7.2
HIGH
CVE-2025-58379
< 9.2.1
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line password
5.5
MEDIUM
CVE-2025-4663
>= 9.0.0 and <= 9.2.1b
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authent
4.9
MEDIUM
CVE-2025-4661
>= 9.1.0 and <= 9.2.2
A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files
2.3
LOW
CVE-2025-1976
>= 9.1.0 and < 9.1.1d7
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentiall
6.7
MEDIUM
CVE-2024-5462
< 9.2.0
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret
7.5
HIGH
CVE-2024-5461
< 8.2.3e1
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, ma
8.0
HIGH
CVE-2024-7517
<= 9.2.0c
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could all
7.8
HIGH
CVE-2024-10403
< 9.2.0c1
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP serv
7.5
HIGH
CVE-2024-7516
< 9.2.2
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Sessi
7.1
HIGH
CVE-2024-3596
all versions
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Acc
9.0
CRITICAL
CVE-2024-5460
< 9.0.0
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versio
8.1
HIGH
CVE-2024-29954
< 8.2.3e
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sen
5.9
MEDIUM
CVE-2024-29953
>= 9.0.0 and < 9.1.1d
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on
4.3
MEDIUM
CVE-2023-5973
>= 9.0.0 and < 9.2.0
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the po
4.3
MEDIUM
CVE-2024-24795
all versions
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers in
6.3
MEDIUM
CVE-2023-38709
all versions
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
7.3
HIGH
CVE-2023-3454
>= 9.0.0 and < 9.1.1d1
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arb
8.6
HIGH
CVE-2021-27795
all versions
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string
6.4
MEDIUM
CVE-2023-4163
< 9.2.0a
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a
4.4
MEDIUM
CVE-2023-4162
>= 9.0.1a and < 9.2.0a
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through th
4.4
MEDIUM
CVE-2023-3489
all versions
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the Support
8.6
HIGH
CVE-2023-31427
< 9.1.1c
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of
7.8
HIGH
CVE-2023-31426
< 8.2.3d
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print
6.8
MEDIUM
CVE-2023-31429
< 9.1.1c
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdi
5.5
MEDIUM
CVE-2023-31425
all versions
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 co
7.8
HIGH
CVE-2022-33186
all versions
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthe
9.8
CRITICAL
CVE-2022-33185
< 9.0.1e
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user in
7.8
HIGH
CVE-2022-33184
< 7.4.2.j
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2
7.8
HIGH
CVE-2022-33183
< 7.4.2.j
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote
8.8
HIGH
CVE-2022-33182
>= 8.0.0 and < 8.2.3c
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could al
7.8
HIGH
CVE-2022-33181
< 7.4.2.j
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2
5.5
MEDIUM
CVE-2022-33180
>= 8.0.0 and < 8.2.3c
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authentica
5.5
MEDIUM
CVE-2022-33179
< 7.4.2j
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authentic
8.8
HIGH
CVE-2022-33178
< 9.0.0
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacke
7.2
HIGH
CVE-2022-28170
< 7.4.2j
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords
6.5
MEDIUM
CVE-2022-28169
>= 8.0.0 and < 8.2.3c
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low pr
8.8
HIGH
CVE-2021-27798
all versions
A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversa
5.5
MEDIUM
CVE-2022-27776
all versions
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HT
6.5
MEDIUM
CVE-2022-27775
all versions
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in t
7.5
HIGH
CVE-2022-27774
all versions
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow
5.7
MEDIUM
CVE-2022-22576
all versions
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticate
8.1
HIGH
CVE-2021-27789
< 8.2.3a
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expo
6.5
MEDIUM
CVE-2020-15388
< 7.4.2h
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authent
6.5
MEDIUM
CVE-2021-27797
>= 7.0.0 and <= 7.4.2h
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documen
9.8
CRITICAL
CVE-2021-27796
< 7.4.1d
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker with
6.5
MEDIUM
CVE-2021-27794
< 7.4.2h
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.
7.8
HIGH
CVE-2021-27793
>= 8.2.0 and < 8.2.3
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0,
5.3
MEDIUM
CVE-2021-27792
< 7.4.2h
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do n
7.8
HIGH
CVE-2021-27791
>= 8.2.1 and < 8.2.3a
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS
5.4
MEDIUM
CVE-2021-27790
< 7.4.2h
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe stri
7.8
HIGH
CVE-2021-22555
all versions
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker t
8.3
HIGH
CVE-2020-15387
< 7.4.2
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.
7.4
HIGH
CVE-2020-15386
all versions
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, whic
5.3
MEDIUM
CVE-2020-15383
< 8.2.1
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric O
7.5
HIGH
CVE-2021-22890
all versions
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad han
3.7
LOW
CVE-2021-22876
all versions
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leak
5.3
MEDIUM
CVE-2019-25013
all versions
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in th
5.9
MEDIUM
CVE-2020-15376
>= 8.1.0 and < 9.0.0
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the lda
4.3
MEDIUM
CVE-2020-15375
< 7.4.2g
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation wea
6.7
MEDIUM
CVE-2020-29661
all versions
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-aft
7.8
HIGH
CVE-2020-29660
all versions
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and dri
4.4
MEDIUM
CVE-2020-15374
all versions
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of ref
9.8
CRITICAL
CVE-2020-15373
all versions
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions befo
9.8
CRITICAL
CVE-2020-15372
< 7.4.2g
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3
5.5
MEDIUM
CVE-2020-15371
all versions
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and pr
9.8
CRITICAL
CVE-2020-15370
< 7.4.2g
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password
6.5
MEDIUM
CVE-2020-15369
all versions
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the pas
8.8
HIGH
CVE-2018-6449
< 9.0.0
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a rem
6.1
MEDIUM
CVE-2018-6448
< 9.0.0
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote att
7.5
HIGH
CVE-2018-6447
all versions
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c
5.4
MEDIUM
CVE-2020-15778
all versions
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in th
7.4
HIGH
CVE-2020-13645
all versions
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TL
6.5
MEDIUM
CVE-2020-13632
all versions
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
5.5
MEDIUM
CVE-2020-13631
all versions
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
5.5
MEDIUM
CVE-2020-13630
all versions
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
7.0
HIGH
CVE-2020-1967
all versions
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL
7.5
HIGH
CVE-2019-16204
< 7.4.2f
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authent
7.5
HIGH
CVE-2019-16203
>= 8.2.1 and < 8.2.1d
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credential
7.5
HIGH
CVE-2019-19069
all versions
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers
7.5
HIGH
CVE-2019-19050
all versions
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers
7.5
HIGH
CVE-2019-18805
all versions
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed in
9.8
CRITICAL
CVE-2019-18683
all versions
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalat
7.0
HIGH
CVE-2018-6440
>= 7.4.2 and < 7.4.2d
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthe
9.1
CRITICAL
CVE-2018-6439
>= 7.4.2 and < 7.4.2d
A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0
7.8
HIGH
CVE-2018-6438
>= 7.4.2 and < 7.4.2d
A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f
7.8
HIGH
CVE-2018-6437
>= 7.4.2 and < 7.4.2d
A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2
7.8
HIGH
CVE-2018-6436
>= 7.4.2 and < 7.4.2d
A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8
7.8
HIGH
CVE-2018-6442
>= 7.4.2 and < 7.4.2d
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could al
8.8
HIGH
CVE-2018-6441
>= 7.4.2 and < 7.4.2d
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a lo
7.8
HIGH
CVE-2018-6435
>= 7.4.2 and < 7.4.2d
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f
7.8
HIGH
CVE-2018-6434
>= 7.4.2 and < 7.4.2d
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow att
7.5
HIGH
CVE-2018-6433
>= 7.4.2 and < 7.4.2d
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a
5.5
MEDIUM
CVE-2017-6227
< 7.4.2b
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.
6.5
MEDIUM
CVE-2017-6225
< 7.4.2b
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Broca
6.1
MEDIUM
CVE-2016-8202
<= 7.4.1c
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v
8.8
HIGH
CVE-2016-4376
<= 7.4.1
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via u
6.5
MEDIUM
CVE-2004-1663
all versions
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocad
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin