Vulnerabilites related to broadcom - brocade_6520
cve-2021-27795
Vulnerability from cvelistv5
Published
2023-12-06 01:16
Modified
2024-08-03 21:33
Summary
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.
Impacted products
Vendor Product Version
Brocade Brocade Switches Version: All Version
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:33:15.653Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Brocade Switches",
               vendor: "Brocade",
               versions: [
                  {
                     status: "affected",
                     version: "All Version",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<div>\nBrocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. <br><br></div>",
                  },
               ],
               value: "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-20",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-20 Encryption Brute Forcing",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-327",
                     description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-06T01:16:07.122Z",
            orgId: "87b297d7-335e-4844-9551-11b97995a791",
            shortName: "brocade",
         },
         references: [
            {
               url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, ",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791",
      assignerShortName: "brocade",
      cveId: "CVE-2021-27795",
      datePublished: "2023-12-06T01:16:07.122Z",
      dateReserved: "2021-02-26T20:18:01.346Z",
      dateUpdated: "2024-08-03T21:33:15.653Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2023-12-06 02:15
Modified
2024-11-21 05:58
Summary
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A924BA8-278D-42F8-9A38-AE1087384629",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "514B80C9-FB9A-46FF-A58F-F90D695CD6EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_610:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "71B3C11A-72A1-40E7-8062-FDCE8B31BF45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_6505:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFE32859-8F51-41C0-829F-E2C7C70D2B32",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_6510:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB73E604-D2BA-463E-8F89-B6FA2D762C49",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_6520:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AD15038-420D-456C-9E46-1F68730D5294",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_7800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3E8C687-7999-4FC9-B6F0-8235808B2113",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_7810:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E297EC07-ACD9-44CB-A52E-E8D77F1AB3B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_7840:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A3BC204-ED15-4F07-A493-D688A02E2AF4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_g620:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3C167A2-3A1D-4A7C-8BB0-E923F774DAE2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_g630:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CBE84E8-4D66-4CE7-B6D9-F67F92014C5C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_x6-4_director:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D3425B-AADB-4507-9D9D-907BD49359B0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:broadcom:brocade_x6-8_director:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FF27302-C9A5-4C62-B97D-BFEDAE2F9F5E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n",
      },
      {
         lang: "es",
         value: "Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versión del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptográficos que podrían permitir la instalación de claves de licencia falsificadas o fraudulentas. Esto permitiría a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticaría y activaría como si fuera una clave de licencia legítima.",
      },
   ],
   id: "CVE-2021-27795",
   lastModified: "2024-11-21T05:58:34.920",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 4.7,
            source: "sirt@brocade.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-06T02:15:06.573",
   references: [
      {
         source: "sirt@brocade.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289",
      },
   ],
   sourceIdentifier: "sirt@brocade.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "sirt@brocade.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}