PatchSiren

CVE-2016-8204 Broadcom CVE debrief

CVE-2016-8204 is a critical directory traversal flaw in Brocade Network Advisor's FileReceiveServlet. According to the NVD record, versions released up to and including 14.0.2 are affected, and a remote attacker could upload a malicious file into a filesystem location where it can be executed. The NVD rates the issue CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting a high-impact, network-reachable exposure.

Vendor: Broadcom
Product: CVE-2016-8204
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-14
Original CVE updated: 2026-05-13
Advisory published: 2017-01-14
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for Broadcom/Brocade Network Advisor deployments, especially any environment still running version 14.0.2 or earlier. Because the issue is remote, unauthenticated, and can lead to code execution, internet-facing or broadly reachable management systems should be treated as high risk.

Technical summary

The NVD lists the weakness as CWE-22 (Path Traversal) in FileReceiveServlet. The vulnerable scope is Brocade Network Advisor versions through 14.0.2, with a vulnerable CPE entry for broadcom:brocade_network_advisor. The core risk is that crafted path handling may allow a remote attacker to place a file in a sensitive location, including a location where it can execute, creating a path from traversal to code execution.

Defensive priority

Immediate for any exposed or actively used Brocade Network Advisor instance at or below 14.0.2. Treat as a critical remediation item because the attack requires no privileges or user interaction and the published CVSS score is 9.8.

Recommended defensive actions

  • Confirm whether Brocade Network Advisor is deployed anywhere in the environment, including legacy or administrative networks.
  • Inventory versions and identify any instance at version 14.0.2 or earlier.
  • Apply the vendor-recommended remediation from the Broadcom advisory for CVE-2016-8204, or upgrade to a fixed release if available.
  • Restrict network access to the management interface until remediation is complete, especially from untrusted or adjacent networks.
  • Review the FileReceiveServlet exposure and any upload-related functionality for unusual files or unexpected write activity.
  • After remediation, verify that only authorized administrators can reach the management service and that file upload paths are properly constrained.
  • Monitor for signs of unauthorized file placement or execution in the product's install and working directories.
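
One way to act on the review and monitoring items above, as an added example (not code from PatchSiren, Broadcom or the NVD record): a Python filter that flags access-log requests to FileReceiveServlet whose target contains a traversal segment after repeated percent-decoding. The log lines are constructed, and the context path /app and the name parameter are hypothetical; only the servlet name comes from the record.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in combined log format. The "/app" context path
# and the "name" parameter are hypothetical; only "FileReceiveServlet" is from
# the CVE record.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Feb/2017:10:00:01 +0000] "POST /app/FileReceiveServlet?name=report.zip HTTP/1.1" 200 12
10.0.0.9 - - [01/Feb/2017:10:02:17 +0000] "POST /app/FileReceiveServlet?name=..%2F..%2Ftmp%2Fx.bin HTTP/1.1" 200 12
10.0.0.9 - - [01/Feb/2017:10:02:40 +0000] "POST /app/FileReceiveServlet?name=%252e%252e%255cx.bin HTTP/1.1" 200 12
10.0.0.7 - - [01/Feb/2017:10:05:00 +0000] "GET /app/status?path=../x HTTP/1.1" 200 5
"""

# client address, request target, response status
REQUEST = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
# ".." standing alone as a path segment, with "/" or "\" as the separator
TRAVERSAL = re.compile(r'(^|[\\/=&?])\.\.([\\/]|$)')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text, servlet="FileReceiveServlet"):
    """Return (client, status, decoded_target) for traversal-looking servlet requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target, status = m.groups()
        decoded = fully_decode(target)
        if servlet.lower() in decoded.lower() and TRAVERSAL.search(decoded):
            hits.append((client, int(status), decoded))
    return hits


if __name__ == "__main__":
    for client, status, target in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

Access logs record only the request line, so a file name carried in a request body will not show up here; pair this with the filesystem review in the last item above.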

Evidence notes

This debrief is based on the supplied NVD CVE record and listed references. The record names the vulnerability as a directory traversal in FileReceiveServlet, affected versions as through 14.0.2, CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and CWE-22. The supplied source also includes references to a Broadcom security advisory, ZDI-17-049, SecurityFocus BID 95695, and an HPE advisory. No KEV listing or ransomware linkage was provided in the corpus.

Official resources

The CVE/NVD record was published on 2017-01-14. No KEV date was provided in the supplied corpus. Broadcom/Brocade advisory references are listed in the NVD metadata.