{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5461", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2024-05-29T04:50:55.263Z", "datePublished": "2025-02-15T00:06:56.950Z", "dateUpdated": "2025-09-09T18:59:55.320Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Brocade 6547 (FC5022) embedded switch blade"], "product": "Brocade Fabric OS", "vendor": "Brocade", "versions": [{"status": "affected", "version": "before 8.2.3e1_pha"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Implementation of the Simple Network \nManagement Protocol (SNMP) operating on the Brocade 6547 (FC5022) \nembedded switch blade, makes internal script calls to system.sh from \nwithin the SNMP binary. An authenticated attacker could perform command \nor parameter injection on SNMP operations that are only enabled on the \nBrocade 6547 (FC5022) embedded switch. This injection could allow the \nauthenticated attacker to issue commands as Root. <br><p></p>"}], "value": "Implementation of the Simple Network \nManagement Protocol (SNMP) operating on the Brocade 6547 (FC5022) \nembedded switch blade, makes internal script calls to system.sh from \nwithin the SNMP binary. An authenticated attacker could perform command \nor parameter injection on SNMP operations that are only enabled on the \nBrocade 6547 (FC5022) embedded switch. This injection could allow the \nauthenticated attacker to issue commands as Root."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248: Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2025-09-09T18:59:55.320Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411"}], "source": {"discovery": "UNKNOWN"}, "title": "Command or parameter injection via unique embedded switch SNMP commands.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-18T17:01:47.862273Z", "id": "CVE-2024-5461", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T17:01:58.493Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-18T17:01:47.862273Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T17:01:54.508Z"}}], "cna": {"title": "Command or parameter injection via unique embedded switch SNMP commands.", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248: Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brocade", "product": "Brocade Fabric OS", "versions": [{"status": "affected", "version": "before 8.2.3e1_pha"}], "platforms": ["Brocade 6547 (FC5022) embedded switch blade"], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Implementation of the Simple Network \nManagement Protocol (SNMP) operating on the Brocade 6547 (FC5022) \nembedded switch blade, makes internal script calls to system.sh from \nwithin the SNMP binary. An authenticated attacker could perform command \nor parameter injection on SNMP operations that are only enabled on the \nBrocade 6547 (FC5022) embedded switch. This injection could allow the \nauthenticated attacker to issue commands as Root.", "supportingMedia": [{"type": "text/html", "value": "Implementation of the Simple Network \nManagement Protocol (SNMP) operating on the Brocade 6547 (FC5022) \nembedded switch blade, makes internal script calls to system.sh from \nwithin the SNMP binary. An authenticated attacker could perform command \nor parameter injection on SNMP operations that are only enabled on the \nBrocade 6547 (FC5022) embedded switch. This injection could allow the \nauthenticated attacker to issue commands as Root. <br><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2025-09-09T18:59:55.320Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5461", "state": "PUBLISHED", "dateUpdated": "2025-09-09T18:59:55.320Z", "dateReserved": "2024-05-29T04:50:55.263Z", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "datePublished": "2025-02-15T00:06:56.950Z", "assignerShortName": "brocade"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Implementation of the Simple Network \nManagement Protocol (SNMP) operating on the Brocade 6547 (FC5022) \nembedded switch blade, makes internal script calls to system.sh from \nwithin the SNMP binary. An authenticated attacker could perform command \nor parameter injection on SNMP operations that are only enabled on the \nBrocade 6547 (FC5022) embedded switch. This injection could allow the \nauthenticated attacker to issue commands as Root."}, {"lang": "es", "value": "La implementaci\u00f3n de Simple Network Management Protocol (SNMP) que opera en el switch blade integrado Brocade 6547 (FC5022) realiza llamadas de script internas a system.sh desde dentro del binario SNMP. Un atacante autenticado podr\u00eda realizar una inyecci\u00f3n de comandos o par\u00e1metros en operaciones SNMP que solo est\u00e1n habilitadas en el switch integrado Brocade 6547 (FC5022). Esta inyecci\u00f3n podr\u00eda permitir al atacante autenticado emitir comandos como superusuario."}], "id": "CVE-2024-5461", "lastModified": "2025-09-09T19:15:44.247", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "sirt@brocade.com", "type": "Secondary"}]}, "published": "2025-02-15T00:15:13.513", "references": [{"source": "sirt@brocade.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "sirt@brocade.com", "type": "Secondary"}]}

{}