Vulnerabilites related to broadcom - brocade_6520
cve-2021-27795
Vulnerability from cvelistv5
Published
2023-12-06 01:16
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Brocade Fabric OS (FOS) hardware
platforms running any version of Brocade Fabric OS software, which
supports the license string format; contain cryptographic
issues that could allow for the installation of forged or fraudulent
license keys. This would allow attackers or a malicious party to forge a
counterfeit license key that the Brocade Fabric OS platform would
authenticate and activate as if it were a legitimate license key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Brocade | Brocade Switches |
Version: All Version |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:15.653Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Brocade Switches", vendor: "Brocade", versions: [ { status: "affected", version: "All Version", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>\nBrocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. <br><br></div>", }, ], value: "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n", }, ], impacts: [ { capecId: "CAPEC-20", descriptions: [ { lang: "en", value: "CAPEC-20 Encryption Brute Forcing", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-06T01:16:07.122Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289", }, ], source: { discovery: "UNKNOWN", }, title: "License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2021-27795", datePublished: "2023-12-06T01:16:07.122Z", dateReserved: "2021-02-26T20:18:01.346Z", dateUpdated: "2024-08-03T21:33:15.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-12-06 02:15
Modified
2024-11-21 05:58
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Brocade Fabric OS (FOS) hardware
platforms running any version of Brocade Fabric OS software, which
supports the license string format; contain cryptographic
issues that could allow for the installation of forged or fraudulent
license keys. This would allow attackers or a malicious party to forge a
counterfeit license key that the Brocade Fabric OS platform would
authenticate and activate as if it were a legitimate license key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | fabric_operating_system | * | |
broadcom | brocade_300 | - | |
broadcom | brocade_610 | - | |
broadcom | brocade_6505 | - | |
broadcom | brocade_6510 | - | |
broadcom | brocade_6520 | - | |
broadcom | brocade_7800 | - | |
broadcom | brocade_7810 | - | |
broadcom | brocade_7840 | - | |
broadcom | brocade_g620 | - | |
broadcom | brocade_g630 | - | |
broadcom | brocade_x6-4_director | - | |
broadcom | brocade_x6-8_director | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", matchCriteriaId: "0A924BA8-278D-42F8-9A38-AE1087384629", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:broadcom:brocade_300:-:*:*:*:*:*:*:*", matchCriteriaId: "514B80C9-FB9A-46FF-A58F-F90D695CD6EF", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_610:-:*:*:*:*:*:*:*", matchCriteriaId: "71B3C11A-72A1-40E7-8062-FDCE8B31BF45", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_6505:-:*:*:*:*:*:*:*", matchCriteriaId: "BFE32859-8F51-41C0-829F-E2C7C70D2B32", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_6510:-:*:*:*:*:*:*:*", matchCriteriaId: "EB73E604-D2BA-463E-8F89-B6FA2D762C49", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_6520:-:*:*:*:*:*:*:*", matchCriteriaId: "1AD15038-420D-456C-9E46-1F68730D5294", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_7800:-:*:*:*:*:*:*:*", matchCriteriaId: "A3E8C687-7999-4FC9-B6F0-8235808B2113", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_7810:-:*:*:*:*:*:*:*", matchCriteriaId: "E297EC07-ACD9-44CB-A52E-E8D77F1AB3B8", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_7840:-:*:*:*:*:*:*:*", matchCriteriaId: "3A3BC204-ED15-4F07-A493-D688A02E2AF4", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_g620:-:*:*:*:*:*:*:*", matchCriteriaId: "D3C167A2-3A1D-4A7C-8BB0-E923F774DAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_g630:-:*:*:*:*:*:*:*", matchCriteriaId: "3CBE84E8-4D66-4CE7-B6D9-F67F92014C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_x6-4_director:-:*:*:*:*:*:*:*", matchCriteriaId: "03D3425B-AADB-4507-9D9D-907BD49359B0", vulnerable: false, }, { criteria: "cpe:2.3:h:broadcom:brocade_x6-8_director:-:*:*:*:*:*:*:*", matchCriteriaId: "1FF27302-C9A5-4C62-B97D-BFEDAE2F9F5E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n", }, { lang: "es", value: "Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versión del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptográficos que podrían permitir la instalación de claves de licencia falsificadas o fraudulentas. Esto permitiría a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticaría y activaría como si fuera una clave de licencia legítima.", }, ], id: "CVE-2021-27795", lastModified: "2024-11-21T05:58:34.920", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 4.7, source: "sirt@brocade.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-06T02:15:06.573", references: [ { source: "sirt@brocade.com", tags: [ "Vendor Advisory", ], url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289", }, ], sourceIdentifier: "sirt@brocade.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "sirt@brocade.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }