CVE-2023-3489

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 31, 2023

Updated: Nov 24, 2023

CWE ID 312

Summary

CVE-2023-3489: A vulnerability exists in the firmwaredownload command of Brocade Fabric OS v9.2.0. When performing a downgrade from this version to any earlier version, the command logs the FTP/SFTP/SCP server password in clear text in the SupportSave file. This issue poses a significant risk as the passwords are not encrypted, potentially allowing unauthorized access to the system. It is recommended that users upgrade to a secure version of the firmware or implement strong access control measures to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Broadcom

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r1krH_
https://www.cve.org/CVERecord?id=CVE-2023-3489
https://nvd.nist.gov/vuln/detail/CVE-2023-3489

Back to Vulnerability Database

CVE-2023-3489

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations