CVE-2016-8202

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.

Published: May 8, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-8202
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
broadcom / fabric_operating_system	-	7.4.1c.x
broadcom / fabric_operating_system	8.0.1	8.0.1.x

http://www.securityfocus.com/bid/98332
http://www.securitytracker.com/id/1038401
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208

Vulnerability Database

289,871

CVE-2016-8202