PatchSiren

CVE-2016-8201 Brocade CVE debrief

CVE-2016-8201 describes a cross-site request forgery (CSRF) issue in Brocade Virtual Traffic Manager versions released prior to and including 11.0. In practical terms, an attacker could induce an authenticated user to submit administrative actions against the traffic manager cluster. The NVD record classifies the weakness as CWE-352 and rates it High severity.

Vendor: Brocade
Product: CVE-2016-8201
CVSS: HIGH 8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-14
Original CVE updated: 2026-05-13
Advisory published: 2017-01-14
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for Brocade Virtual Traffic Manager deployments at version 11.0 or earlier, especially where the management interface is reachable from user browsers and cluster administration is performed through the web UI.

Technical summary

The official NVD metadata identifies the issue as CWE-352 (CSRF) and assigns CVSS 3.0 vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vulnerability affects cpe:2.3:a:brocade:virtual_traffic_manager:*:*:*:*:*:*:*:* with versionEndIncluding 11.0. The described impact is that a logged-in user can be tricked into making administrative changes on the traffic manager cluster.

Defensive priority

High priority for any affected deployment, because the impact includes unauthorized administrative changes and the issue is exploitable through normal web-user interaction.

Recommended defensive actions

  • Confirm whether any Brocade Virtual Traffic Manager instance is at version 11.0 or earlier and inventory all clusters that expose administrative functions.
  • Follow the linked vendor and advisory references for remediation guidance and upgrade to a fixed release if available.
  • Restrict management access to trusted administrative networks or VPN-only paths and minimize browser-based access to the admin interface.
  • Review session handling and CSRF protections in the management workflow, and ensure any vendor-supported mitigations are enabled.
  • Audit recent and historical administrative changes on affected clusters for unauthorized configuration changes around the disclosure period.

Evidence notes

This debrief is based only on the supplied CVE/NVD metadata and the linked official or vendor-referenced advisory URLs. The corpus explicitly states the issue is a CSRF vulnerability in Brocade Virtual Traffic Manager through 11.0, references CWE-352, and includes vendor-referenced advisories (SecurityFocus BID 95930, CERT VU 192371, Pulse Secure advisories, and a SonicWall reference). No exploit proof-of-concept or remediation text was included in the supplied corpus.

Official resources

Publicly published in the official CVE/NVD record on 2017-01-14 and later modified on 2026-05-13. Timing here reflects the supplied CVE/source dates, not the publication time of this debrief.