CVE-2023-3489 | firmwaredownload command could log servers passwords in clear text
The
firmwaredownload command on Brocade Fabric OS v9.2.0 could log the
FTP/SFTP/SCP server password in clear text in the SupportSave file when
performing a downgrade from Fabric OS v9.2.0 to any earlier version of
Fabric OS.
Conclusion & alert: CVE-2023-3489 is rated Moderate Risk (42/100): CVSS High severity, with low exploitation likelihood (EPSS 0.30%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2023-3489
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).