CVE-2023-31425

A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.

Published: Aug 1, 2023
Updated: May 4, 2025
CVE: CVE-2023-31425
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
broadcom / fabric_operating_system	9.1.0	9.1.0.x

https://security.netapp.com/advisory/ntap-20230908-0007/
https://support.broadcom.com/external/content/SecurityAdvisories/0/22407

Vulnerability Database

289,871

CVE-2023-31425