Vulnerability Details : CVE-2017-6225
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
Published
2018-02-08 22:29:00
Updated
2021-06-22 15:20:22
Vulnerability category: Cross site scripting (XSS)Execute code
Products affected by CVE-2017-6225
- cpe:2.3:o:brocade:fabric_os:8.0.2b1:*:*:*:*:*:*:*
- cpe:2.3:o:brocade:fabric_os:8.0.1b1:*:*:*:*:*:*:*
- cpe:2.3:o:brocade:fabric_os:8.1.0c1:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6225
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6225
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2017-6225
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6225
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us
HPESBST03851 rev.1 - HPE StoreFabric B-series Switches, Remote Code Execution
-
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525
Broadcom Inc. | Connecting Everything
Jump to