CVE-2023-4163 - OpenCVE

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

References

Link	Resource
https://security.netapp.com/advisory/ntap-20231130-0001/
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: brocade

Published: 2023-08-31T00:04:39.287Z

Updated: 2023-08-31T00:04:39.287Z

Reserved: 2023-08-04T18:24:36.610Z

Link: CVE-2023-4163

JSON object: View

NVD Information

Status : Modified

Published: 2023-08-31T01:15:09.190

Modified: 2023-11-30T22:15:09.203

Link: CVE-2023-4163

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4163", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2023-08-04T18:24:36.610Z", "datePublished": "2023-08-31T00:04:39.287Z", "dateUpdated": "2023-08-31T00:04:39.287Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Directors", "Embedded Switches", "Switches"], "product": "Brocade Fabric OS", "vendor": "Brocade", "versions": [{"status": "affected", "version": "Fabric OS before v9.2.0a"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nIn\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"}], "value": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2023-08-31T00:04:39.287Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"}, {"url": "https://security.netapp.com/advisory/ntap-20231130-0001/"}], "source": {"discovery": "UNKNOWN"}, "title": "Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDE13EB8-68AA-4E11-80D3-48E88398A70D", "versionEndExcluding": "9.2.0a", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"}, {"lang": "es", "value": "En Brocade Fabric OS antes de v9.2.0a, un usuario privilegiado autenticado localmente puede desencadenar una condici\u00f3n de desbordamiento de b\u00fafer, lo que lleva a un p\u00e1nico del kernel con una gran entrada a los b\u00faferes en el comando portcfgfportbuffers."}], "id": "CVE-2023-4163", "lastModified": "2023-11-30T22:15:09.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "sirt@brocade.com", "type": "Secondary"}]}, "published": "2023-08-31T01:15:09.190", "references": [{"source": "sirt@brocade.com", "url": "https://security.netapp.com/advisory/ntap-20231130-0001/"}, {"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "sirt@brocade.com", "type": "Secondary"}]}