CVE-2023-4162

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.netapp.com/advisory/ntap-20231124-0010/
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:brocade:fabric_operating_system:*:*:*:*:*:*:*:*

History

24 Nov 2023, 09:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20231124-0010/ -

05 Sep 2023, 18:19

Type	Values Removed	Values Added
First Time		Brocade Brocade fabric Operating System
CWE		CWE-400
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.4
CPE		cpe:2.3:o:brocade:fabric_operating_system::::::::
References	~~(MISC) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513 -~~	(MISC) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513 - Vendor Advisory

31 Aug 2023, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-31 01:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-4162

Mitre link : CVE-2023-4162

CVE.ORG link : CVE-2023-4162

JSON object : View

Products Affected

brocade

fabric_operating_system

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-4162", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2023-08-31T01:15:08.943", "references": [{"url": "https://security.netapp.com/advisory/ntap-20231124-0010/", "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A\n segmentation fault can occur in Brocade Fabric OS after Brocade Fabric \nOS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg \ncommand. This\n could allow an authenticated privileged user local user to crash a \nBrocade Fabric OS swith using the cli \u201cpasswdcfg --set -expire \n-minDiff\u201c.\n\n"}], "lastModified": "2023-11-24T09:15:09.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:brocade:fabric_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F532D92F-5175-432E-932C-868330D50E7B", "versionEndExcluding": "9.2.0a", "versionStartIncluding": "9.0.1a"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}