CVE-2020-15387
https://notcve.org/view.php?id=CVE-2020-15387
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Los servidores SSH del host de Brocade Fabric OS versiones anteriores a v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, y Brocade SANnav versiones anteriores a v2.1.1, utilizan claves de menos de 2048 bits, que pueden ser vulnerables a ataques de tipo man-in-the-middle y/o a comunicaciones SSH no seguras • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291 • CWE-326: Inadequate Encryption Strength •
CVE-2020-15383
https://notcve.org/view.php?id=CVE-2020-15383
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. Una ejecución de escaneos de seguridad contra el SAN switch puede causar a los procesos de configuración y notificación secundaria dentro de las versiones de firmware anteriores a Brocade Fabric OS v9.0.0, v8.2.2d y v8.2.1e, consumir toda la memoria, conllevando a impactos de denegación de servicio que posiblemente incluyen un switch panic • https://security.netapp.com/advisory/ntap-20210819-0002 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496 •
CVE-2020-15375
https://notcve.org/view.php?id=CVE-2020-15375
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges. Brocade Fabric OS versiones anteriores a v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g, contienen una debilidad de comprobación inapropiada de la entrada en la interfaz de línea de comandos cuando es invocado secccrypptocfg. La vulnerabilidad podría permitir a un usuario autenticado local ejecutar comandos arbitrarios y llevar a cabo una escalada de privilegios • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083 • CWE-20: Improper Input Validation •
CVE-2020-15376
https://notcve.org/view.php?id=CVE-2020-15376
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. Brocade Fabric OS versiones anteriores a v9.0.0 y posteriores a versión v8.1.0, configuradas en el modo Virtual Fabric contienen una debilidad en la implementación de ldap que podría permitir a un usuario de LDAP remoto iniciar sesión en el switch Brocade Fibre Channel SAN con privilegios de "user" si no está asociado con ningún grupo • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158 •
CVE-2020-15374
https://notcve.org/view.php?id=CVE-2020-15374
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. La API Rest en Brocade Fabric OS versiones v8.2.1 hasta v8.2.1d y versiones 8.2.2 anteriores a v8.2.2c, es vulnerable a múltiples instancias de entrada reflejada • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084 •