
CVE-2025-58382

High
CWE-305 — Weakness Type
Published: Feb 3, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
7.2
📄 Description (English)

A vulnerability in the secure configuration of authentication and
management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could
allow an authenticated, remote attacker with administrative credentials
to execute arbitrary commands as root using “supportsave”,
“seccertmgmt”, “configupload” command.

🤖 AI Executive Summary

CVE-2025-58382 is a high-severity vulnerability in Brocade Fabric OS affecting versions before 9.2.1c2, allowing authenticated administrators to execute arbitrary commands as root through insecure command handling in supportsave, seccertmgmt, and configupload utilities. This vulnerability poses significant risk to Saudi organizations operating Fibre Channel storage networks, particularly in banking and healthcare sectors where data integrity is critical. Immediate patching to version 9.2.1c2 or later is strongly recommended to prevent privilege escalation and unauthorized system access.

🤖 AI Intelligence Analysis Analyzed: May 8, 2026 19:19
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in the Banking sector (SAMA-regulated institutions), Healthcare (MOH facilities and private hospitals), and Energy sector (ARAMCO and related infrastructure). Brocade Fabric OS is commonly deployed in enterprise SAN (Storage Area Network) environments supporting critical data centers. Compromised administrative access could lead to unauthorized data exfiltration, system manipulation, and potential disruption of critical services. The vulnerability is particularly concerning for organizations handling sensitive financial data, patient records, and operational technology systems. Government entities (NCA oversight) and telecommunications providers (STC) operating Fibre Channel infrastructure are also at elevated risk.
🏢 Affected Saudi Sectors
Banking and Financial Services; Healthcare; Energy and Utilities; Government; Telecommunications; Data Centers and Cloud Infrastructure
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Brocade Fabric OS deployments in your environment and document current versions
2. Restrict administrative access to affected systems and implement additional monitoring on supportsave, seccertmgmt, and configupload commands
3. Review audit logs for suspicious command execution patterns from administrative accounts

PATCHING GUIDANCE:
1. Upgrade all Brocade Fabric OS installations to version 9.2.1c2 or later immediately
2. Test patches in non-production environments first to ensure compatibility with existing SAN configurations
3. Schedule maintenance windows for production systems and coordinate with dependent applications
4. Verify patch installation by confirming version numbers post-upgrade

COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement network segmentation to restrict administrative access to Fabric OS management interfaces
2. Enable command logging and real-time alerting for supportsave, seccertmgmt, and configupload execution
3. Enforce multi-factor authentication for administrative access where supported
4. Implement IP whitelisting for administrative connections
5. Disable unnecessary management services if not required for operations

DETECTION RULES:
1. Monitor for execution of supportsave, seccertmgmt, configupload commands with root-level privileges
2. Alert on any command execution from administrative accounts outside normal maintenance windows
3. Track failed authentication attempts followed by successful administrative sessions
4. Monitor for unusual process spawning from Fabric OS management utilities
5. Implement SIEM rules to correlate administrative access with subsequent system modifications
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 - 5.1.1: Access Control and Authentication
ECC 2024 - 5.2.1: Administrative Access Management
ECC 2024 - 6.1.1: Vulnerability Management
ECC 2024 - 7.1.1: Audit and Logging
🔵 SAMA CSF
SAMA CSF - ID.AM-1: Asset Management
SAMA CSF - PR.AC-1: Access Control
SAMA CSF - PR.AC-4: Access Rights Management
SAMA CSF - DE.CM-1: System Monitoring
SAMA CSF - RS.MI-1: Incident Response
🟡 ISO 27001:2022
ISO 27001:2022 - A.5.2: Information Security Policies
ISO 27001:2022 - A.8.2: Asset Management
ISO 27001:2022 - A.9.2: User Access Management
ISO 27001:2022 - A.9.4: Access Rights Review
ISO 27001:2022 - A.12.6: Technical Vulnerability Management
🟣 PCI DSS v4.0.1
PCI DSS 4.0 - 2.1: Inventory of Hardware and Software
PCI DSS 4.0 - 6.2: Security Patches and Updates
PCI DSS 4.0 - 7.1: Limit Access to System Components
PCI DSS 4.0 - 8.2: User Identification and Authentication
📦 Affected Products / CPE 2 entries
broadcom:fabric_operating_system
broadcom:fabric_operating_system
📊 CVSS Score
7.2
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: H — High
User Interaction: N — None
Scope: U — Unchanged
Confidentiality: H — High
Integrity: H — High
Availability: H — High
📋 Quick Facts
Severity High
CVSS Score 7.2
CWE CWE-305
EPSS 0.07%
Exploit No
Patch ✓ Yes
Published 2026-02-03
Source Feed nvd
🇸🇦 Saudi Risk Score
7.8
/ 10.0 — Saudi Risk
Priority: CRITICAL