Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7517

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.

Published

2024-11-21T11:15:35.990

Last Modified

2026-01-30T21:24:46.627

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	brocade	fabric_operating_system	≤ 9.2.0c	Yes
Operating System	brocade	fabric_operating_system	≤ 9.2.1a	Yes

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25071 Third Party Advisory ([email protected])