Vulnerability Description
Several commands in Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Fabric Operating System | < 9.0.1e |
References
- https://security.netapp.com/advisory/ntap-20230127-0010/ (Third Party Advisory)
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/br (Vendor Advisory)
FAQ
What is CVE-2022-33185?
CVE-2022-33185 is a vulnerability with a CVSS score of 7.8 (HIGH). Several commands in Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities t...
How severe is CVE-2022-33185?
CVE-2022-33185 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-33185?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Fabric Operating System.