Vulnerability Details : CVE-2022-33185
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
Published: 2022-10-25 21:15:47
Updated: 2023-02-28 18:01:56
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2022-33185
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2022-33185
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
CWE ids for CVE-2022-33185
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-33185
- https://security.netapp.com/advisory/ntap-20230127-0010/
  CVE-2022-33185 Brocade Fabric OS Vulnerability | NetApp Product Security (Third Party Advisory)
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078
  BSA-2022-2078 (Vendor Advisory)
Products affected by CVE-2022-33185
- cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*