Clear text password logging vulnerability in Brocade Fabric OS v9.2.0 during downgrade

CVE-2023-3489 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
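To check whether a SupportSave collected after such a downgrade holds the transfer password, the sketch below searches an extracted SupportSave directory for that password and reports only file names and line numbers. It is an added example, not a Brocade tool or code from this advisory. It assumes the SupportSave has already been copied off the switch into a local directory, makes no assumption about the log format, and the names `find_secret` and `_members` are hypothetical.

```python
import getpass
import gzip
import io
import sys
import tarfile
import zlib
from pathlib import Path


def _members(path):
    """Yield (name, bytes) for a file, unpacking tar archives and gzip files."""
    raw = path.read_bytes()
    try:
        with tarfile.open(fileobj=io.BytesIO(raw)) as tar:  # auto-detects compression
            for m in tar.getmembers():
                if m.isfile():
                    yield f"{path}!{m.name}", tar.extractfile(m).read()
            return
    except (tarfile.TarError, EOFError, OSError, zlib.error):
        pass  # not a tar archive: treat as a single file
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            raw = gzip.decompress(raw)
        except (OSError, EOFError, zlib.error):
            pass  # damaged gzip: scan the raw bytes instead
    yield str(path), raw


def find_secret(root, secret):
    """Map each file or archive member under root to the 1-based lines containing secret."""
    needle = secret.encode()  # assumption: logs are ASCII/UTF-8 text
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        for name, data in _members(path):
            lines = [n for n, l in enumerate(data.splitlines(), 1) if needle in l]
            if lines:
                hits[name] = lines
    return hits


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan_supportsave.py <extracted-supportsave-dir>")
    # Prompt without echo so the password does not land in shell history.
    found = find_secret(sys.argv[1], getpass.getpass("Transfer server password: "))
    for name, lines in found.items():
        print(f"{name}: line(s) {lines}")  # locations only, never the secret
```

Any hit means the FTP/SFTP/SCP account password should be rotated and the affected SupportSave copies handled as credential-bearing files.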
