CVE Tools

CVE-2024-7516

Brocade Fabric OS before 9.2.2 does not enforce strict host key checking

Published: Nov 12, 2024Updated: Feb 4, 2025 Sources: CVE List NVD BDUCWE-322

No Known Exploits

Patch Available

Description

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.

CVSS Vector Breakdown

Exploitability

AV:AAttack Vector

Adjacent

AC:HAttack Complexity

High

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

CWE-322 CWE-306

Affected Products

fabric operating system broadcom

On-prem

Networking Infrastructure / network-management

Fabric OS Broadcom Inc.

Mixed

Cloud & SaaS / virtualization

Fabric OS Brocade

EmbeddedOS

Networking Infrastructure / network-management

broadcomcommercialUSCloud & SaaSaka broadcom inc

broadcom inc.commercialUSCloud & SaaSaka vmware by broadcom

brocadecommercialUSNetworking Infrastructureaka fabric os, sannav

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

MITRE ATT&CK

2 techniques

Initial Access

View detailed technique mapping

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25177

support.broadcom.com

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25177

support.broadcom.com

https://vuldb.com/?id.284214

Timeline

Published

Nov 12, 2024

Last Updated

Feb 4, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-7516 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows