CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2021-27797 – Brocade Fabric OS Remote Code Execution / Information Disclosure
https://notcve.org/view.php?id=CVE-2021-27797
21 Feb 2022 — Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. Brocade Fabric OS versiones anteriores a Brocade Fabric OS versiones v8.2.1c, v8.1.2h, y todas las versiones de Brocade Fabric OS v8.0.x y v7.x contienen credenciales documentadas embebidas, que podrían permitir a los atacantes conseguir acceso al sistema Brocade Fabric OS versions prior to 9.2.... • https://packetstorm.news/files/id/190177 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27796
https://notcve.org/view.php?id=CVE-2021-27796
21 Feb 2022 — A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries. Una vulnerabilidad en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v8.0.1b, v7.4.1d podría permitir a un atacante autenticado dentro del entorno de shell restringido (rbash) como cuenta "... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27791
https://notcve.org/view.php?id=CVE-2021-27791
12 Aug 2021 — The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process. Una función que es usada para analizar el encabezado de Autenticación en el servicio de aplicaciones web de Brocade F... • https://security.netapp.com/advisory/ntap-20210819-0002 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27790
https://notcve.org/view.php?id=CVE-2021-27790
12 Aug 2021 — The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account. El comando ipfilter en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v.9.0.1a, v8.2.3, y v8.2.0_CBN4, y v7.4.2h, usa una función de cadena no segura para procesar la entrada del... • https://security.netapp.com/advisory/ntap-20210819-0002 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27794
https://notcve.org/view.php?id=CVE-2021-27794
12 Aug 2021 — A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST. Una vulnerabilidad en el mecanismo de autenticación de las versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v.9.0.1a, v8.2.3a y v7.4.2h, podía permitir a un usuario iniciar sesión con una contraseña vacía y no válida mediante telnet, ssh y REST • https://security.netapp.com/advisory/ntap-20210819-0001 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27792
https://notcve.org/view.php?id=CVE-2021-27792
12 Aug 2021 — The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot. Las funciones de manejo de solicitudes en la interfaz de administración web de las versiones del sistema operativo Brocade Fabric anteriores a las versiones v9.0.1a, v8.2.3a y v7.4.2h no ma... • https://security.netapp.com/advisory/ntap-20210819-0002 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-27793
https://notcve.org/view.php?id=CVE-2021-27793
12 Aug 2021 — ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch. Un fallo de autorización intermitente en aaa tacacs+ con las versiones de Brocade Fabric OS anteriores a v9.0.1b y posteriores a 9.0.0, también en Brocade Fabric OS versiones anteriores a v8.2.3a y posteriores a v8.2.0, podría c... • https://security.netapp.com/advisory/ntap-20210819-0001 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15386
https://notcve.org/view.php?id=CVE-2020-15386
09 Jun 2021 — Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. Brocade Fabric OS versiones anteriores a v9.0.1a y 8.2.3a y posteriores a v9.0.0 y 8.2.2d, puede observar una alta carga de la CPU durante un escaneo de seguridad, lo que podría conllevar una respuesta más lenta a los comandos CLI y otras operaciones • https://security.netapp.com/advisory/ntap-20210819-0002 •
CVSS: 7.4EPSS: 0%CPEs: 13EXPL: 0CVE-2020-15387
https://notcve.org/view.php?id=CVE-2020-15387
09 Jun 2021 — The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Los servidores SSH del host de Brocade Fabric OS versiones anteriores a v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, y Brocade SANnav versiones anteriores a v2.1.1, utilizan claves de menos de 2048 bits, que pueden ser vulnerables a ataques de tipo man-in-the-mid... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-15383
https://notcve.org/view.php?id=CVE-2020-15383
09 Jun 2021 — Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. Una ejecución de escaneos de seguridad contra el SAN switch puede causar a los procesos de configuración y notificación secundaria dentro de las versiones de firmware anteriores a Brocade Fabric OS v9.0.0, v8.2.2d y v8.2.1e, consumir toda la memoria, conllev... • https://security.netapp.com/advisory/ntap-20210819-0002 •