CVE-2024-5461: Command or parameter injection via unique embedded switch SNMP commands.

8.6 CVSS

Description

The implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as root.

Classification

CVE ID: CVE-2024-5461

CVSS Base Severity: HIGH

CVSS Base Score: 8.6

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor: Brocade

Product: Brocade Fabric OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.0% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-16 (date this score was calculated)

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411

Timeline