CVE-2024-5461: Command or parameter injection via unique embedded switch SNMP commands.

High (8.6)

Description

The implementation of the Simple Network Management Protocol (SNMP) on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as root.

Classification

CVE ID: CVE-2024-5461

CVSS Base Severity: HIGH

CVSS Base Score: 8.6

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor: Brocade

Product: Brocade Fabric OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 0.11935 (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-03-13 (when was this score calculated)

Timeline