PatchSiren

CVE-2016-8206 Brocade CVE debrief

CVE-2016-8206 is a directory traversal issue in the SoftwareImageUpload servlet of Brocade Network Advisor. According to NVD, affected versions include Brocade Network Advisor through 14.0.2, and the flaw can let remote attackers write to arbitrary files and, as a consequence, delete files. Because the issue is network-reachable and requires no user interaction, it should be treated as a high-priority fix for any exposed deployment.

Vendor: Brocade
Product: CVE-2016-8206
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-14
Original CVE updated: 2026-05-13
Advisory published: 2017-01-14
Advisory updated: 2026-05-13

Who should care

Administrators and security teams running Brocade Network Advisor, especially environments on version 14.0.2 or earlier and any system with management interfaces reachable from untrusted networks.

Technical summary

NVD maps this issue to CWE-22 (Directory Traversal) and locates it in the SoftwareImageUpload servlet of Brocade Network Advisor. The supplied CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating a remotely reachable issue with no privileges or user interaction required and high integrity impact. The affected CPE range in the supplied record ends at version 14.0.2 inclusive.

Defensive priority

High. Remote reachability, no privilege requirements, and the ability to write or delete files make this vulnerability an immediate remediation concern for any affected Brocade Network Advisor installation.

Recommended defensive actions

  • Inventory Brocade Network Advisor deployments and confirm whether any instance is version 14.0.2 or earlier.
  • Upgrade to a vendor-fixed release newer than 14.0.2 using Broadcom/Brocade remediation guidance.
  • Restrict network access to the management interface and related servlet endpoints so only trusted administrative networks can reach them.
  • Review file integrity, upload paths, and application logs for suspicious writes or unexpected deletions.
  • If an affected version must remain temporarily in service, isolate it and apply compensating controls until remediation is completed.
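
One way to carry out the log review in the list above, as an added example that is not from the vendor advisory or the NVD record: it scans web access logs for requests to the SoftwareImageUpload servlet whose target contains a path-traversal segment, including percent-encoded and double-encoded forms. The combined log format, the /example/ URL prefix and the name parameter are assumptions; values carried only in the request body do not appear in access logs and need file-integrity review instead.

```python
import re
from urllib.parse import unquote

SERVLET = "SoftwareImageUpload"  # servlet name taken from the CVE record
# Assumed combined log format: client ... "METHOD target HTTP/x.y" status
REQ = re.compile(r'^(\S+) .*?"(\S+) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(s, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (double-encoding evasion)."""
    for _ in range(rounds):
        nxt = unquote(s)
        if nxt == s:
            break
        s = nxt
    return s

def has_traversal(target):
    """True if any path or query segment equals '..' after decoding."""
    decoded = fully_decode(target).replace("\\", "/")
    return any(seg == ".." for seg in re.split(r"[/?&=;]", decoded))

def suspicious_requests(lines):
    """Return (client, method, target, status) for servlet hits with traversal."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        client, method, target, status = m.groups()
        if SERVLET.lower() in fully_decode(target).lower() and has_traversal(target):
            hits.append((client, method, target, int(status)))
    return hits

# Constructed sample log lines; URL prefix and parameter name are hypothetical.
SAMPLE = [
    '198.51.100.7 - - [01/Feb/2017:10:00:01 +0000] "POST /example/SoftwareImageUpload?name=fw.bin HTTP/1.1" 200 12',
    '203.0.113.9 - - [01/Feb/2017:10:02:13 +0000] "POST /example/SoftwareImageUpload?name=..%2f..%2fconf%2fx HTTP/1.1" 200 12',
    '203.0.113.9 - - [01/Feb/2017:10:02:20 +0000] "POST /example/SoftwareImageUpload?name=%252e%252e%255cx HTTP/1.1" 500 0',
    '192.0.2.4 - - [01/Feb/2017:10:03:00 +0000] "GET /example/docs/../index.html HTTP/1.1" 200 88',
    '192.0.2.5 - - [01/Feb/2017:10:04:00 +0000] "POST /example/SoftwareImageUpload?name=v1..2.bin HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

A hit with a 2xx status deserves a follow-up check of the file system around the logged timestamp; a 4xx or 5xx hit still shows that the endpoint was probed.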

Evidence notes

The supplied NVD record states: directory traversal in the SoftwareImageUpload servlet of Brocade Network Advisor versions released prior to and including 14.0.2 can allow remote attackers to write to arbitrary files and consequently delete files. NVD lists CWE-22 and a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The supplied references include the Brocade/Broadcom advisory, a ZDI advisory, an HPE advisory page, and a SecurityFocus entry, which support the product and vulnerability context.

Official resources

CVE-2016-8206 was published in the supplied NVD record on 2017-01-14 and later modified on 2026-05-13. This debrief relies on the published CVE record, the supplied NVD metadata, and the listed references; no KEV entry is present in the sup