Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Brocade — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting Brocade. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Brocade operates primarily in the enterprise networking sector, specializing in high-performance Fibre Channel and Ethernet switches for data center infrastructure. Historically, its network operating systems have been susceptible to a range of critical flaws, most notably remote code execution (RCE) and buffer overflow vulnerabilities that allow attackers to gain unauthorized administrative access. Privilege escalation and cross-site scripting (XSS) issues have also appeared frequently in its management interfaces, exposing sensitive configuration data. A significant security incident occurred in 2017 when researchers disclosed multiple vulnerabilities in the Fabric OS, highlighting weaknesses in default credential handling and input validation. With 81 recorded CVEs, the vendor’s legacy products often lack modern security controls, requiring rigorous patch management to mitigate risks associated with unpatched firmware versions and exposed management ports.

Top products by Brocade: Brocade SANnav Fabric OS SANnav Brocade Fabric OS ASCG Brocade Fabric OS Brocade Switches Brocade SANnav
CVE IDTitleCVSSSeverityPublished
CVE-2026-0869 Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0 — ASCGCWE-305 8.1AIHighAI2026-03-03
CVE-2025-58381 Directory transversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands — Fabric OSCWE-35 7.2AIHighAI2026-02-03
CVE-2025-9711 Privilege escalation in Brocade Fabric OS before 9.2.1c3, and 9.2.2 though 9.2.2b — Fabric OSCWE-272 8.4AIHighAI2026-02-03
CVE-2025-58380 Directory transversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command — Fabric OSCWE-35 6.5AIMediumAI2026-02-03
CVE-2026-0383 Information disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0 — Fabric OSCWE-78 5.5AIMediumAI2026-02-03
CVE-2025-58379 Password Exposure in Brocade Fabric OS — Fabric OSCWE-250 5.5AIMediumAI2026-02-03
CVE-2025-58383 Privilege escalation via bind command in Brocade Fabric OS — Fabric OSCWE-250 7.2AIHighAI2026-02-03
CVE-2025-58382 Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a — Fabric OSCWE-305 7.2AIHighAI2026-02-03
CVE-2025-12774 SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0 — SANnavCWE-312 7.1AIHighAI2026-02-03
CVE-2025-12773 Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a — SANnavCWE-209 4.9AIMediumAI2026-02-03
CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save — SANnavCWE-312 6.5AIMediumAI2026-02-02
CVE-2025-12679 Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0 — SANnavCWE-312 4.9AIMediumAI2026-02-02
CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680) — SANnavCWE-256 6.5AIMediumAI2026-02-02
CVE-2025-4661 Path transversal vulnerability potentially leading to sensitive information disclosure — Fabric OSCWE-22 4.4AIMediumAI2025-06-19
CVE-2025-1976 Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6 — Fabric OSCWE-94 6.7 -2025-04-24
CVE-2024-1509 Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100 — ASCGCWE-523 7.4 -2025-02-28
CVE-2024-5461 Command or parameter injection via unique embedded switch SNMP commands. — Brocade Fabric OSCWE-78 9.9 -2025-02-15
CVE-2024-5462 Brocade Fabric OS may capture SNMP Passwords in clear text — Brocade Fabric OSCWE-319 7.5 -2025-02-14
CVE-2024-4282 Weak TLS Ciphers on Brocade SANnav OVA SSH port 22 — Brocade SANnavCWE-327 7.5 -2025-02-14
CVE-2024-10405 Weak TLS Ciphers on Brocade SANnav port 443 & 18082 — Brocade SANnavCWE-327 7.5 -2025-02-14
CVE-2024-2240 Docker implementation in Brocade SANnav is missing Audit Rules. — Brocade SANnavCWE-250 8.8 -2025-02-14
CVE-2025-1053 Brocade SANnav encryption key is logged in the debug logs — Brocade SANnavCWE-532 4.4 -2025-02-14
CVE-2024-10404 Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave — Brocade SANnavCWE-312 5.5 Medium2025-02-14
CVE-2024-7517 Privileged escalation via crafted use of portcfg command — Fabric OSCWE-78 6.7AIMediumAI2024-11-21
CVE-2024-10403 SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav — Fabric OSCWE-528 6.5AIMediumAI2024-11-21
CVE-2022-43937 Brocade SANnav Information Disclosure Vulnerability — SANnavCWE-532 5.7 Medium2024-11-21
CVE-2022-43936 Brocade Fabric OS switch passwords when debugging is enabled — SANnavCWE-532 6.8 Medium2024-11-21
CVE-2022-43935 Switch passwords and authorization IDs are printed in the embedded MLS DB file — SANnavCWE-532 5.3 Medium2024-11-21
CVE-2022-43934 Weak Key-exchange algorithms — SANnavCWE-327 6.5 Medium2024-11-21
CVE-2022-43933 configuration secrets are logged in support-save — SANnavCWE-538 4.4 Medium2024-11-21

This page lists every published CVE security advisory associated with Brocade. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.