CVE-2023-3454
Published: 04 April 2024
Summary
CVE-2023-3454 is a high-severity OS Command Injection (CWE-78) vulnerability in Broadcom's Brocade Fabric Operating System. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 12.3% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-3454 is a remote code execution vulnerability in Brocade Fabric OS versions after 9.0 and before 9.2.0. The flaw, tracked under CWE-78, resides in the switch firmware and carries a CVSS 3.1 score of 8.6 reflecting network attack vector, low complexity, and no required credentials or user interaction.
An unauthenticated attacker can send specially crafted input over the network to execute arbitrary code on the affected Brocade switch, resulting in full root-level compromise of the device and its management functions.
Broadcom and NetApp have published security advisories that direct customers to the fixed release and associated remediation guidance.
The EPSS score rose from a low baseline to a peak of 0.0502 on 2026-05-12 before receding to the current value of 0.0343, indicating that exploitation interest increased after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-44116
Vulnerability details
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.