Broadcom DX NetOps Spectrum OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in Broadcom DX NetOps Spectrum versions through 23.3.6 on both Windows and Linux platforms. This vulnerability allows attackers to execute arbitrary commands on the host operating system with the same privileges as the vulnerable application, specifically within the Network Configuration Manager (NCM) service.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the host operating system, potentially allowing for further exploitation or manipulation of the system.

Remediation

Users can upgrade to Broadcom DX NetOps Spectrum version 25.4.1 or later to address this vulnerability. Instructions for upgrading can be found in the Broadcom Product Notifications.

Added: Jan 12, 2026, 5:21 AM
Updated: Jan 12, 2026, 5:21 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 4.9
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.