CVERadar

CVE-2024-5461

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00045/1

CVE-2024-5461 is a critical command injection vulnerability affecting Brocade 6547 (FC5022) embedded switch blades using SNMP. An authenticated attacker can exploit this flaw to execute arbitrary commands as Root. This is achieved through parameter injection into SNMP operations that interact with the system.sh script. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a moderate risk, demanding attention and assessment. Although not immediately critical (SVRS above 80), successful exploitation leads to full system control, posing a significant threat. This vulnerability allows attackers to gain complete administrative access. Mitigation strategies should be implemented to prevent unauthorized command execution. It highlights the importance of secure SNMP configurations and proper input validation.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-5461 | Brocade Fabric OS up to 8.2.3e Management Protocol system.sh command injection

vuldb.com2025-02-15

CVE-2024-5461 | Brocade Fabric OS up to 8.2.3e Management Protocol system.sh command injection | A vulnerability, which was classified as critical, has been found in Brocade Fabric OS. This issue affects some unknown processing of the file system.sh of the component Management Protocol. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-5461</a

vuldb.com

rss

forum

news

Social Media

VulDB 🛡

@vuldb

2025-02-15

There is a new vulnerability with elevated criticality in Brocade Fabric OS (CVE-2024-5461) https://t.co/mTbCR01QrX

CVEFind.com

@CveFindCom

2025-02-15

[CVE-2024-5461: HIGH] Vulnerability in Brocade 6547 (FC5022) switch allows authenticated attacker to inject commands via SNMP calls, leading to potential unauthorized Root access. #CyberSecurity.#cybersecurity,#vulnerability https://t.co/EMJu0UTEWp https://t.co/jRAx07DFLL

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411

CWE Details

CWE ID	CWE Name	Description
CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')	The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence