Vulnerability Details : CVE-2022-33185
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
Published
2022-10-25 21:15:47
Updated
2023-02-28 18:01:56
Vulnerability category: Memory Corruption
Products affected by CVE-2022-33185
- cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-33185
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-33185
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-33185
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-33185
-
https://security.netapp.com/advisory/ntap-20230127-0010/
CVE-2022-33185 Brocade Fabric OS Vulnerability | NetApp Product SecurityThird Party Advisory
-
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078
BSA-2022-2078Vendor Advisory
Jump to