CVE-2023-3454

CVSS Score: 8.6 HIGH

📋 TL;DR

This CVE describes a remote code execution vulnerability in Brocade Fabric OS that allows attackers to execute arbitrary code and gain root access to Brocade switches. It affects Brocade Fabric OS versions after v9.0 and before v9.2.0. Organizations using affected Brocade SAN switches are vulnerable to complete system compromise.

💻 Affected Systems

Products:
  • Brocade SAN switches running Fabric OS
Versions: After v9.0 and before v9.2.0
Operating Systems: Brocade Fabric OS
Default Config Vulnerable: ⚠️ Yes
Notes: All systems running affected Fabric OS versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains root access to the Brocade switch, enabling complete control over SAN infrastructure, data exfiltration, network disruption, and lateral movement to connected systems.

🟠 Likely Case

Attacker executes arbitrary code with root privileges, potentially disrupting SAN operations, stealing sensitive data, or using the switch as a pivot point for further attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the affected switch, preventing lateral movement to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on the CVSS score and the CWE-78 classification (OS Command Injection), exploitation is likely straightforward for an attacker who can reach the switch over the network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v9.2.0 or later

Vendor Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/23215

Restart Required: Yes

Instructions:

1. Download Fabric OS v9.2.0 or later from the Broadcom support portal.
2. Upload the firmware to the switch management interface.
3. Apply the firmware update.
4. Reboot the switch to complete the installation.

🔧 Temporary Workarounds

Network Segmentation (all)

Restrict network access to Brocade switch management interfaces to only authorized administrative networks.

Access Control Lists (all)

Implement strict ACLs on switch management interfaces to limit the permitted source IP addresses.

🧯 If You Can't Patch

  • Isolate affected switches in dedicated VLANs with strict firewall rules
  • Implement network monitoring for unusual traffic patterns to/from switch management interfaces

🔍 How to Verify

Check if Vulnerable:

Run the 'version' command from the Fabric OS CLI. If the reported Fabric OS version is greater than 9.0 and less than 9.2.0, the system is vulnerable.

Check Version:

version

Verify Fix Applied:

After patching, run the 'version' command again and confirm that the reported Fabric OS version is v9.2.0 or later.
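The version check above, as an added example (not part of the original advisory): it extracts the version from the "Fabric OS:" line of 'version' output and tests it against the affected range stated here (after v9.0 and before v9.2.0). The sample output is constructed for illustration; the exact line layout of a real switch may differ.

```python
import re

# Affected range from the advisory: after v9.0 and before v9.2.0 (both exclusive).
# Versions are compared as (major, minor, patch, letter-suffix) tuples so that
# 9.1.1c sorts between 9.1.1 and 9.1.2, and 9.2.0a sorts after 9.2.0.
LOWER_EXCLUSIVE = (9, 0, 0, "")
UPPER_EXCLUSIVE = (9, 2, 0, "")

# Matches a line such as "Fabric OS:  v9.1.1c" (assumed layout of 'version' output).
_VERSION_RE = re.compile(
    r"^\s*Fabric OS:\s*v?(\d+)\.(\d+)(?:\.(\d+))?([a-z]*)", re.MULTILINE
)

# Constructed sample 'version' output for a hypothetical vulnerable switch.
SAMPLE_VULNERABLE_OUTPUT = """\
Kernel:     4.19.0
Fabric OS:  v9.1.1c
Made on:    Wed Mar  1 12:00:00 2023
"""


def parse_version(output: str):
    """Return (major, minor, patch, suffix) from the 'Fabric OS:' line, or None."""
    match = _VERSION_RE.search(output)
    if match is None:
        return None
    major, minor, patch, suffix = match.groups()
    return (int(major), int(minor), int(patch or 0), suffix or "")


def is_affected(version) -> bool:
    """True when the version lies strictly inside the advisory's affected range."""
    return LOWER_EXCLUSIVE < version < UPPER_EXCLUSIVE


def assess(output: str) -> str:
    """Classify raw 'version' output as vulnerable, not affected, or unknown."""
    version = parse_version(output)
    if version is None:
        return "unknown"  # no Fabric OS line found; check the output by hand
    return "vulnerable" if is_affected(version) else "not affected"


if __name__ == "__main__":
    print(parse_version(SAMPLE_VULNERABLE_OUTPUT), assess(SAMPLE_VULNERABLE_OUTPUT))
```

Feed it the captured output of 'version' from each switch to build an inventory of which devices still need the v9.2.0 update.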

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Failed authentication attempts followed by successful access
  • Unexpected process creation

Network Indicators:

  • Unusual traffic to switch management ports (typically 22, 23, 80, 443)
  • Traffic from unexpected source IPs to management interfaces

SIEM Query:

source="brocade_switch" AND (event_type="command_execution" OR (auth_result="success" AND src_ip NOT IN known_admin_ips))

The field names above are illustrative pseudo-syntax; map them to the actual field names of your switch log source and maintain the list of known administrative source addresses.
