CVE-2024-5461 HIGH

CVE-2024-5461: Command or parameter injection via unique embedded switch SNMP commands.

Vendor Brocade
Product Brocade Fabric OS
Weakness CWE-78
Published February 15, 2025
Last update September 9, 2025

CVSS base score

8.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

The implementation of the Simple Network Management Protocol (SNMP) on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are enabled only on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as root.

Key dates

02 Disclosure timeline

February 15, 2025 CVE published
September 9, 2025 Record updated