CVE-2016-8204
critical
CVSS v3
9.8
CVSS v2
10.0
VIR risk
9.8
Description
A directory traversal vulnerability in FileReceiveServlet in Brocade Network Advisor versions up to and including 14.0.2 could allow remote attackers to upload a malicious file to a section of the file system where it can be executed.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: sirt@brocade.com — https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-177
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| broadcom | brocade_network_advisor | up to and including 14.0.2 | |
References
- http://www.securityfocus.com/bid/95695
- http://www.zerodayinitiative.com/advisories/ZDI-17-049
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-177
CWEs
CWE-22