How severe is CVE-2024-7517?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-7517?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2024-7517 - HIGH Severity | CVSS N/A

Vulnerability Description

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.

Related Vulnerabilities

CVE-2024-51736

NONE

CVSS:0.0(None)

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it...

CWE-772024

CVE-2015-7541

CRITICAL

CVSS:10.0(Critical)

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metachara...

CWE-772015

CVE-2017-7722

CRITICAL

CVSS:10.0(Critical)

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploitin...

CWE-772017

CVE-2017-7876

CRITICAL

CVSS:10.0(Critical)

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 bui...

CWE-772017

CVE-2018-16462

CRITICAL

CVSS:10.0(Critical)

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

CWE-772018

CVE-2020-27227

CRITICAL

CVSS:10.0(Critical)

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request...

CWE-772020