CVE-2024-7517

Published: Nov 21, 2024

Modified: Sep 9, 2025

PUBLISHED

Description

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.

Vendor	Product	Versions
Brocade	Fabric OS	affected `Brocade Fabric OS versions before 9.2.0c, and 9.2.1 through 9.2.1a`

Weaknesses (CWE)

CWE-78

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25071

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-7517

Description

Affected Products

Weaknesses (CWE)

References