cve/2018/CVE-2018-6443.md

### [CVE-2018-6443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6443)
![](https://img.shields.io/static/v1?label=Product&message=Brocade%20Network%20Advisor&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Hard-coded%20Credentials&color=brighgreen)

### Description

A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.

### POC

#### Reference
- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-6443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6443)`
			`![](https://img.shields.io/static/v1?label=Product&message=Brocade%20Network%20Advisor&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Hard-coded%20Credentials&color=brighgreen)`

			`### Description`

			`A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/153035/Brocade-Network-Advisor-14.4.1-Unauthenticated-Remote-Code-Execution.html`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`