CVE-2024-7516: Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
First published: Tue Nov 12 2024(Updated: )
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Brocade FABRIC OS (FOS) | <9.2.2 | |
| Broadcom Fabric Operating System | <9.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-7516?
CVE-2024-7516 has been assigned a high severity rating due to its potential to enable man-in-the-middle attacks.
How do I fix CVE-2024-7516?
To fix CVE-2024-7516, upgrade Brocade Fabric OS to version 9.2.2 or later.
What types of attacks are associated with CVE-2024-7516?
CVE-2024-7516 allows attackers to conduct remote Service Session Hijacking through SSH key forgery.
Which versions of Brocade Fabric OS are affected by CVE-2024-7516?
Brocade Fabric OS versions prior to 9.2.2 are affected by CVE-2024-7516.
Who can exploit CVE-2024-7516?
CVE-2024-7516 can be exploited by man-in-the-middle attackers with the capability to forge SSH keys.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/brocade
- canonical/brocade fabric os (fos)
- vendor/broadcom
- canonical/broadcom fabric operating system