CVE-2018-6443

Published: Jan 22, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.

Affected (2)

Products: Brocade: Network Advisor · Netapp: Brocade Network Advisor

1 product

Network Advisor

1 product

Brocade Network Advisor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Brocade Network Advisor	Before 14.3.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Brocade Network Advisor	All versions

Related CWEs

References (6)

http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html

Source: sirt@brocade.com

https://security.netapp.com/advisory/ntap-20190411-0005/

Source: sirt@brocade.com

Third Party Advisory

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743

Source: sirt@brocade.com

Third Party Advisory

http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20190411-0005/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.