CVE-2023-3489

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

Published: Aug 31, 2023
Updated: May 4, 2025
CVE: CVE-2023-3489
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
broadcom / fabric_operating_system	9.2.0	9.2.0.x

https://security.netapp.com/advisory/ntap-20231124-0003/
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510

Vulnerability Database

289,871

CVE-2023-3489