CVE-2022-33182

Published: Oct 25, 2022Modified: May 7, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.

Affected (2)

Products: Broadcom: Fabric Operating System

1 product

Fabric Operating System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Broadcom Fabric Operating System	From 8.0.0 to 8.2.3c
Broadcom Fabric Operating System	From 9.0.0 to 9.0.1e

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://security.netapp.com/advisory/ntap-20230127-0007/

Source: sirt@brocade.com

Third Party Advisory

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084

Source: sirt@brocade.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20230127-0007/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.