Brocade Embedded Switches SNMP Command Injection Vulnerability Allowing Root Access

Vulnerability

A command or parameter injection vulnerability has been identified in the Simple Network Management Protocol (SNMP) implementation on Brocade 6547 (FC5022) embedded switch blades, running Fabric OS prior to 8.2.3e1_pha. The vulnerability arises because the SNMP binary makes internal script calls to system.sh, allowing authenticated attackers to inject commands into SNMP operations unique to this switch model. Exploitation of this vulnerability could enable attackers to execute commands with root privileges.
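The bug class described above, a privileged service handing a request-supplied value to a shell script, shown as a generic C illustration added here; it is not Brocade's code. The helper path (/bin/echo standing in for system.sh), the "set-name" argument and the sample values are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;
#define HELPER "/bin/echo" /* assumed stand-in for the helper script */

/* Vulnerable pattern: the value is pasted into a string meant for system(),
 * so the shell parses any metacharacters it contains. */
int vulnerable_cmdline(const char *value, char *out, size_t n) {
    return snprintf(out, n, "%s set-name %s", HELPER, value);
}

/* Allowlist: 1-64 chars of [A-Za-z0-9._-], not starting with '-'
 * (a leading dash could be read by the helper as an option). */
int value_is_safe(const char *v) {
    size_t len = strlen(v);
    if (len == 0 || len > 64 || v[0] == '-') return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)v[i]) && !strchr("._-", v[i])) return 0;
    return 1;
}

/* Hardened pattern: validate, then start the helper directly with an argv
 * array. No shell is involved, so the value is always exactly one argument.
 * Returns the helper's exit status, or -1 if rejected or not started. */
int run_helper(const char *value) {
    if (!value_is_safe(value)) return -1;
    char *argv[] = { HELPER, "set-name", (char *)value, NULL };
    pid_t pid;
    int status;
    if (posix_spawn(&pid, HELPER, NULL, NULL, argv, environ) != 0) return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    const char *bad = "sw1; echo INJECTED"; /* constructed sample input */
    char cmd[128];
    vulnerable_cmdline(bad, cmd, sizeof cmd);
    printf("system() would receive: %s\n", cmd);
    printf("hardened, bad value:  %d\n", run_helper(bad));
    printf("hardened, good value: %d\n", run_helper("sw1-rack4"));
    return 0;
}
```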

Impact

Exploitation of this vulnerability could allow an authenticated attacker to execute commands as the root user on the affected switch.

Remediation

Users can upgrade to Brocade Fabric OS 8.2.3e1_pha to address this vulnerability, as this patch release removes the vulnerable component from the code.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.