Broadcom Fabric Operating System — known CVE vulnerabilities
Every CVE whose affected-product data names Broadcom Fabric Operating System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (95)
CVE-2020-15371 — CVSS 9.8 (critical): Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege…
CVE-2019-18805 — CVSS 9.8 (critical): An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer…
CVE-2020-15374 — CVSS 9.8 (critical): Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected…
CVE-2021-27797 — CVSS 9.8 (critical): Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented…
CVE-2022-33186 — CVSS 9.8 (critical): A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated…
CVE-2020-15373 — CVSS 9.8 (critical): Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before…
CVE-2018-6440 — CVSS 9.1 (critical): A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated…
CVE-2024-3596 — CVSS 9.0 (critical): RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept…
CVE-2022-28169 — CVSS 8.8 (high): Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege…
CVE-2022-33179 — CVSS 8.8 (high): A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user…
CVE-2020-15369 — CVSS 8.8 (high): Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password…
CVE-2022-33183 — CVSS 8.8 (high): A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote…
CVE-2016-8202 — CVSS 8.8 (high): A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d…
CVE-2018-6442 — CVSS 8.8 (high): A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow…
CVE-2023-3454 — CVSS 8.6 (high): Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary…
CVE-2023-3489 — CVSS 8.6 (high): The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file…
CVE-2024-5460 — CVSS 8.1 (high): A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before…
CVE-2024-5461 — CVSS 8.0 (high): Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes…
CVE-2021-27794 — CVSS 7.8 (high): A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could…
CVE-2021-27792 — CVSS 7.8 (high): The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not…
CVE-2025-9711 — CVSS 7.8 (high): A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root”…
CVE-2024-7517 — CVSS 7.8 (high): A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a…
CVE-2018-6435 — CVSS 7.8 (high): A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d…
CVE-2018-6436 — CVSS 7.8 (high): A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f…
CVE-2018-6437 — CVSS 7.8 (high): A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could…
CVE-2018-6438 — CVSS 7.8 (high): A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d…
CVE-2018-6439 — CVSS 7.8 (high): A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f…
CVE-2018-6441 — CVSS 7.8 (high): A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local…
CVE-2023-31427 — CVSS 7.8 (high): Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full…
CVE-2023-31425 — CVSS 7.8 (high): A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow…
CVE-2022-33185 — CVSS 7.8 (high): Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input…
CVE-2022-33184 — CVSS 7.8 (high): A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5…
CVE-2026-0383 — CVSS 7.8 (high): A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access…
CVE-2022-33182 — CVSS 7.8 (high): A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a…
CVE-2020-29661 — CVSS 7.8 (high): A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free…
CVE-2021-27790 — CVSS 7.8 (high): The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string…
CVE-2024-5462 — CVSS 7.5 (high): If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret /…
CVE-2019-16203 — CVSS 7.5 (high): Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are…
CVE-2024-10403 — CVSS 7.5 (high): Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password…
CVE-2018-6448 — CVSS 7.5 (high): A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to…
CVE-2019-19069 — CVSS 7.5 (high): A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause…
CVE-2019-19050 — CVSS 7.5 (high): A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause…
CVE-2020-1967 — CVSS 7.5 (high): Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer…
CVE-2019-16204 — CVSS 7.5 (high): Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication…
CVE-2020-15383 — CVSS 7.5 (high): Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0…
CVE-2018-6434 — CVSS 7.5 (high): A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to…
CVE-2020-15387 — CVSS 7.4 (high): The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1…
CVE-2020-15778 — CVSS 7.4 (high): scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the…
CVE-2023-38709 — CVSS 7.3 (high): Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This…
CVE-2022-33178 — CVSS 7.2 (high): A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to…
CVE-2025-58382 — CVSS 7.2 (high): A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could…
CVE-2025-58383 — CVSS 7.2 (high): A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to…
CVE-2024-7516 — CVSS 7.1 (high): A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session…
CVE-2019-18683 — CVSS 7.0 (high): An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on…
CVE-2023-31426 — CVSS 6.8 (medium): The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp…
CVE-2020-15375 — CVSS 6.7 (medium): Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in…
CVE-2017-6227 — CVSS 6.5 (medium): A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and…
CVE-2021-27796 — CVSS 6.5 (medium): A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the…
CVE-2021-27789 — CVSS 6.5 (medium): The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose…
CVE-2022-28170 — CVSS 6.5 (medium): Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the…
CVE-2020-15388 — CVSS 6.5 (medium): A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated…
CVE-2020-15370 — CVSS 6.5 (medium): Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in…
CVE-2020-13645 — CVSS 6.5 (medium): In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS…
CVE-2016-4376 — CVSS 6.5 (medium): HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via…
CVE-2021-27795 — CVSS 6.4 (medium): Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format…
CVE-2024-24795 — CVSS 6.3 (medium): HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into…
CVE-2018-6449 — CVSS 6.1 (medium): Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote…
CVE-2017-6225 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric…
CVE-2024-29954 — CVSS 5.9 (medium): A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive…
CVE-2019-25013 — CVSS 5.9 (medium): The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR…
CVE-2021-27798 — CVSS 5.5 (medium): A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal…
CVE-2025-58379 — CVSS 5.5 (medium): Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using…
CVE-2023-31429 — CVSS 5.5 (medium): Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as…
CVE-2022-33180 — CVSS 5.5 (medium): A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated…
CVE-2022-33181 — CVSS 5.5 (medium): An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could…
CVE-2020-15372 — CVSS 5.5 (medium): A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3…
CVE-2018-6433 — CVSS 5.5 (medium): A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local…
CVE-2018-6447 — CVSS 5.4 (medium): A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c…
CVE-2021-27791 — CVSS 5.4 (medium): The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a…
CVE-2020-15386 — CVSS 5.3 (medium): Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could…
CVE-2021-27793 — CVSS 5.3 (medium): ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in…
CVE-2021-22876 — CVSS 5.3 (medium): curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking…
CVE-2004-1663 — CVSS 5.0 (medium): Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade…
CVE-2025-4663 — CVSS 4.9 (medium): An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated…
CVE-2020-29660 — CVSS 4.4 (medium): A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and…
CVE-2023-4162 — CVSS 4.4 (medium): A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg…
CVE-2023-4163 — CVSS 4.4 (medium): In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel…
CVE-2024-29953 — CVSS 4.3 (medium): A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session…
CVE-2020-15376 — CVSS 4.3 (medium): Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap…
CVE-2023-5973 — CVSS 4.3 (medium): Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName…
CVE-2021-22890 — CVSS 3.7 (low): curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of…
CVE-2025-4661 — CVSS 2.3 (low): A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside…
CVE-2025-58381 — CVSS 2.3 (low): A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands…
CVE-2025-58380 — CVSS 2.3 (low): A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command…