A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command.
This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.
                
            Metrics
Affected Vendors & Products
References
        History
                    Tue, 09 Sep 2025 19:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-77 | 
Tue, 09 Sep 2025 19:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-78 | 
Thu, 21 Nov 2024 18:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Brocade Brocade fabric Os | |
| CPEs | cpe:2.3:o:brocade:fabric_os:-:*:*:*:*:*:*:* | |
| Vendors & Products | Brocade Brocade fabric Os | |
| Metrics | ssvc 
 | 
Thu, 21 Nov 2024 06:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack. | |
| Title | Privileged escalation via crafted use of portcfg command | |
| Weaknesses | CWE-77 | |
| References |  | |
| Metrics | cvssV4_0 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: brocade
Published: 2024-11-21T05:53:34.442Z
Updated: 2025-09-09T19:02:20.886Z
Reserved: 2024-08-05T22:49:54.345Z
Link: CVE-2024-7517
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-11-21T14:03:44.236Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2024-11-21T11:15:35.990
Modified: 2025-09-09T19:15:45.260
Link: CVE-2024-7517
 Redhat
                        Redhat
                    No data.