← back
CVE-2018-6443

CVE-2018-6443

EPSS 7.4%
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
Affected products
Brocade Communications Systems, Inc. · Brocade Network Advisor
public PoCs found2
cve_referencepacketstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/46887unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.htmlhttps://security.netapp.com/advisory/ntap-20190411-0005/https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743