CVE-2022-28169

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-10-25 21:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-28169

Mitre link : CVE-2022-28169

CVE.ORG link : CVE-2022-28169


JSON object : View

Products Affected

broadcom

  • fabric_operating_system
CWE
CWE-269

Improper Privilege Management