{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-31427","assignerOrgId":"87b297d7-335e-4844-9551-11b97995a791","state":"PUBLISHED","assignerShortName":"brocade","dateReserved":"2023-04-28T00:14:58.125Z","datePublished":"2023-08-01T22:46:17.756Z","dateUpdated":"2025-02-13T16:50:10.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Fabric OS","vendor":"Brocade","versions":[{"status":"affected","version":"after 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.</span>\n\n<br></p>"}],"value":"Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled."}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"87b297d7-335e-4844-9551-11b97995a791","shortName":"brocade","dateUpdated":"2023-09-08T16:06:31.179Z"},"references":[{"url":"https://support.broadcom.com/external/content/SecurityAdvisories/0/22379"},{"url":"https://security.netapp.com/advisory/ntap-20230908-0007/"}],"source":{"discovery":"UNKNOWN"},"title":"Knowledge of full path name","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T14:53:31.074Z"},"title":"CVE Program Container","references":[{"url":"https://support.broadcom.com/external/content/SecurityAdvisories/0/22379","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20230908-0007/","tags":["x_transferred"]}]}]}}