CVE-2024-7516

Summary

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.

Affected Software

VendorProductVersion RangeStatus
BrocadeFabric OSbefore 9.2.2affected

Weaknesses

  • CWE-322: CWE-322: Key Exchange without Entity Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References