CVE-2024-7516 HIGH

CVE-2024-7516: Brocade Fabric OS before 9.2.2 does not enforce strict host key checking

Vendor Brocade
Product Fabric OS
Weakness CWE-322
Published November 12, 2024
Last update November 21, 2024

CVSS base score

7.0/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:H/SI:N/SA:N

What the vulnerability does

01 Description

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote service session hijacking. The hijacking may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS switch is performing various remote operations initiated by a switch admin.

Key dates

02 Disclosure timeline

November 12, 2024 CVE published
November 21, 2024 Record updated