CVE-2023-31427 HIGH

CVE-2023-31427: Knowledge of full path name

Vendor Brocade
Product Fabric OS
Weakness CWE-22 · Path traversal
Published August 1, 2023
Last update February 13, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.

Key dates

02Disclosure timeline

August 1, 2023 CVE published
February 13, 2025 Record updated