CVE-2024-5461

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root.

CVSS

No CVSS.

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411

Configurations

No configuration.

History

09 Sep 2025, 19:15

Type	Values Removed	Values Added
Summary		(es) La implementación de Simple Network Management Protocol (SNMP) que opera en el switch blade integrado Brocade 6547 (FC5022) realiza llamadas de script internas a system.sh desde dentro del binario SNMP. Un atacante autenticado podría realizar una inyección de comandos o parámetros en operaciones SNMP que solo están habilitadas en el switch integrado Brocade 6547 (FC5022). Esta inyección podría permitir al atacante autenticado emitir comandos como superusuario.
CWE	~~CWE-77~~	CWE-78

15 Feb 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-15 00:15

Updated : 2025-09-09 19:15

NVD link : CVE-2024-5461

Mitre link : CVE-2024-5461

CVE.ORG link : CVE-2024-5461

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-5461", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-15T00:15:13.513", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24411", "source": "sirt@brocade.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Implementation of the Simple Network \nManagement Protocol (SNMP) operating on the Brocade 6547 (FC5022) \nembedded switch blade, makes internal script calls to system.sh from \nwithin the SNMP binary. An authenticated attacker could perform command \nor parameter injection on SNMP operations that are only enabled on the \nBrocade 6547 (FC5022) embedded switch. This injection could allow the \nauthenticated attacker to issue commands as Root."}, {"lang": "es", "value": "La implementaci\u00f3n de Simple Network Management Protocol (SNMP) que opera en el switch blade integrado Brocade 6547 (FC5022) realiza llamadas de script internas a system.sh desde dentro del binario SNMP. Un atacante autenticado podr\u00eda realizar una inyecci\u00f3n de comandos o par\u00e1metros en operaciones SNMP que solo est\u00e1n habilitadas en el switch integrado Brocade 6547 (FC5022). Esta inyecci\u00f3n podr\u00eda permitir al atacante autenticado emitir comandos como superusuario."}], "lastModified": "2025-09-09T19:15:44.247", "sourceIdentifier": "sirt@brocade.com"}