CVE-2023-3489
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 31, 2023
Updated: Nov 24, 2023
CWE ID 312
Summary
CVE-2023-3489: A vulnerability exists in the firmwaredownload command of Brocade Fabric OS v9.2.0. When performing a downgrade from this version to any earlier version, the command logs the FTP/SFTP/SCP server password in clear text in the SupportSave file. This issue poses a significant risk as the passwords are not encrypted, potentially allowing unauthorized access to the system. It is recommended that users upgrade to a secure version of the firmware or implement strong access control measures to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Broadcom