CVE-2016-8202 - OpenCVE

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

OR	cpe:2.3:o:broadcom:fabric_operating_system::::::::
	cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/98332	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038401
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us	Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: brocade

Published: 2017-05-08T18:00:00

Updated: 2018-03-15T18:57:01

Reserved: 2016-09-13T00:00:00

Link: CVE-2016-8202

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-08T18:29:00.217

Modified: 2021-06-22T15:20:05.800

Link: CVE-2016-8202

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "Fibre Channel SAN products running Brocade Fabric OS (FOS).", "vendor": "Brocade Communications Systems, Inc.", "versions": [{"status": "affected", "version": "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b"}]}], "datePublic": "2017-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-15T18:57:01", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"name": "1038401", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038401"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us"}, {"name": "98332", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98332"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2016-8202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fibre Channel SAN products running Brocade Fabric OS (FOS).", "version": {"version_data": [{"version_value": "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b"}]}}]}, "vendor_name": "Brocade Communications Systems, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation."}]}]}, "references": {"reference_data": [{"name": "1038401", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038401"}, {"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us"}, {"name": "98332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98332"}, {"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208", "refsource": "CONFIRM", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"}]}}}}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2016-8202", "datePublished": "2017-05-08T18:00:00", "dateReserved": "2016-09-13T00:00:00", "dateUpdated": "2018-03-15T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F1B2095-2EAB-40F5-ABC1-3B592413A09F", "versionEndIncluding": "7.4.1c", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA532CBE-FCAF-4AE7-9A39-808864223E41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."}, {"lang": "es", "value": "Una vulnerabilidad de escalamiento de privilegios en los productos de Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) versiones anteriores a 7.4.1d y 8.0.1b, podr\u00eda permitir a un atacante autenticado elevar los privilegios de las cuentas de usuario que acceden al sistema por medio de la interfaz de l\u00ednea de comandos. En versiones afectadas, los usuarios no root pueden conseguir acceso root con una combinaci\u00f3n de comandos y par\u00e1metros de shell."}], "id": "CVE-2016-8202", "lastModified": "2021-06-22T15:20:05.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-08T18:29:00.217", "references": [{"source": "sirt@brocade.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98332"}, {"source": "sirt@brocade.com", "url": "http://www.securitytracker.com/id/1038401"}, {"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us"}, {"source": "sirt@brocade.com", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}