All the vulnerabilites related to broadcom - fabric_operating_system
cve-2020-15375
Vulnerability from cvelistv5
Published
2020-12-11 20:34
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T20:34:43",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15375",
"datePublished": "2020-12-11T20:34:43",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:19.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6225
Vulnerability from cvelistv5
Published
2018-02-08 22:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade FABRIC OS |
Version: all versions before 7.4.2b, v8.1.2 and 8.2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade FABRIC OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions before 7.4.2b, v8.1.2 and 8.2.0"
}
]
}
],
"datePublic": "2018-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T09:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"DATE_PUBLIC": "2018-01-31T00:00:00",
"ID": "CVE-2017-6225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade FABRIC OS",
"version": {
"version_data": [
{
"version_value": "all versions before 7.4.2b, v8.1.2 and 8.2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2017-6225",
"datePublished": "2018-02-08T22:00:00Z",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-09-16T23:36:49.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19050
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4258-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html | x_refsource_MISC | |
| https://usn.ubuntu.com/4284-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4258-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T20:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4258-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"name": "FEDORA-2019-021c968423",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4258-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"name": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"name": "USN-4284-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4284-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19050",
"datePublished": "2019-11-18T05:23:47",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33181
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2083"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands \u201cconfigshow\u201d and \u201csupportlink\u201d."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2083"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33181",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8202
Vulnerability from cvelistv5
Published
2017-05-08 18:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038401 | vdb-entry, x_refsource_SECTRACK | |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98332 | vdb-entry, x_refsource_BID | |
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Fibre Channel SAN products running Brocade Fabric OS (FOS). |
Version: Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038401",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038401"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03739en_us"
},
{
"name": "98332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98332"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fibre Channel SAN products running Brocade Fabric OS (FOS).",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b"
}
]
}
],
"datePublic": "2017-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T18:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"name": "1038401",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038401"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03739en_us"
},
{
"name": "98332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98332"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2016-8202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fibre Channel SAN products running Brocade Fabric OS (FOS).",
"version": {
"version_data": [
{
"version_value": "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038401",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038401"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03739en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03739en_us"
},
{
"name": "98332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98332"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2016-8202",
"datePublished": "2017-05-08T18:00:00",
"dateReserved": "2016-09-13T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3489
Vulnerability from cvelistv5
Published
2023-08-30 23:56
Modified
2024-10-01 18:11
Severity ?
EPSS score ?
Summary
The
firmwaredownload command on Brocade Fabric OS v9.2.0 could log the
FTP/SFTP/SCP server password in clear text in the SupportSave file when
performing a downgrade from Fabric OS v9.2.0 to any earlier version of
Fabric OS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231124-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:10:53.141684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:11:15.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Director",
"Switches",
"Extension Switches"
],
"product": "Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS v9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The \nfirmwaredownload command on Brocade Fabric OS v9.2.0 could log the \nFTP/SFTP/SCP server password in clear text in the SupportSave file when \nperforming a downgrade from Fabric OS v9.2.0 to any earlier version of \nFabric OS.\n\n"
}
],
"value": "The \nfirmwaredownload command on Brocade Fabric OS v9.2.0 could log the \nFTP/SFTP/SCP server password in clear text in the SupportSave file when \nperforming a downgrade from Fabric OS v9.2.0 to any earlier version of \nFabric OS.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-30T23:56:18.010Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "firmwaredownload command could log servers passwords in clear text",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The workaround is to use the web interface, REST API or to run the \u201cfirmwaredownload \u201c command in interactive mode.\u003cbr\u003e"
}
],
"value": "The workaround is to use the web interface, REST API or to run the \u201cfirmwaredownload \u201c command in interactive mode.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-3489",
"datePublished": "2023-08-30T23:56:07.070Z",
"dateReserved": "2023-06-30T20:35:33.224Z",
"dateUpdated": "2024-10-01T18:11:15.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27791
Vulnerability from cvelistv5
Published
2021-08-12 14:27
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210819-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS before Brocade Fabric OS v9.0.1a and v8.2.3a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS before Brocade Fabric OS v9.0.1a and v8.2.3a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T09:06:18",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS before Brocade Fabric OS v9.0.1a and v8.2.3a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210819-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27791",
"datePublished": "2021-08-12T14:27:35",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28170
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2076"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2076"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-28170",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-03-29T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6436
Vulnerability from cvelistv5
Published
2018-11-08 19:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T18:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6436",
"datePublished": "2018-11-08T19:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27796
Vulnerability from cvelistv5
Published
2022-02-21 17:49
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the \u201cuser\u201d or \u201cfactory\u201d account, to read the contents of any file on the filesystem utilizing one of a few available binaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileged File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T17:49:34",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the \u201cuser\u201d or \u201cfactory\u201d account, to read the contents of any file on the filesystem utilizing one of a few available binaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileged File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27796",
"datePublished": "2022-02-21T17:49:34",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15373
Vulnerability from cvelistv5
Published
2020-09-25 13:10
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:10:49",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1082",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15373",
"datePublished": "2020-09-25T13:10:49",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15372
Vulnerability from cvelistv5
Published
2020-09-25 13:10
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:10:40",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15372",
"datePublished": "2020-09-25T13:10:40",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27789
Vulnerability from cvelistv5
Published
2022-03-18 17:59
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program\u0027s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T17:59:09",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program\u0027s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information Into Debugging Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27789",
"datePublished": "2022-03-18T17:59:09",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28169
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator\u0027s authorization header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-28169",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-03-29T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6227
Vulnerability from cvelistv5
Published
2018-02-08 22:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade FABRIC OS |
Version: all versions before 7.4.2b, 8.1.2 and 8.2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade FABRIC OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions before 7.4.2b, 8.1.2 and 8.2.0"
}
]
}
],
"datePublic": "2018-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T18:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"DATE_PUBLIC": "2018-01-31T00:00:00",
"ID": "CVE-2017-6227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade FABRIC OS",
"version": {
"version_data": [
{
"version_value": "all versions before 7.4.2b, 8.1.2 and 8.2.0"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2017-6227",
"datePublished": "2018-02-08T22:00:00Z",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-09-16T19:10:54.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29661
Vulnerability from cvelistv5
Published
2020-12-09 16:57
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"name": "[oss-security] 20201210 2 kernel issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"name": "FEDORA-2020-b732958765",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"name": "FEDORA-2020-bc0cc81a7a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T18:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"name": "[oss-security] 20201210 2 kernel issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"name": "FEDORA-2020-b732958765",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"name": "FEDORA-2020-bc0cc81a7a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"name": "[oss-security] 20201210 2 kernel issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"name": "FEDORA-2020-b732958765",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"name": "FEDORA-2020-bc0cc81a7a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"name": "DSA-4843",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29661",
"datePublished": "2020-12-09T16:57:41",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6441
Vulnerability from cvelistv5
Published
2018-11-08 14:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-734 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T13:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-734",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6441",
"datePublished": "2018-11-08T14:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27792
Vulnerability from cvelistv5
Published
2021-08-12 14:24
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before v9.0.1a, and v8.2.3a, and v7.4.2h |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1490"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before v9.0.1a, and v8.2.3a, and v7.4.2h"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "system crash",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-20T16:34:13",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1490"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before v9.0.1a, and v8.2.3a, and v7.4.2h"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "system crash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1490",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1490"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210819-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27792",
"datePublished": "2021-08-12T14:24:27",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27797
Vulnerability from cvelistv5
Published
2022-02-21 17:49
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "hard coded credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T17:49:35",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "hard coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27797",
"datePublished": "2022-02-21T17:49:35",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6438
Vulnerability from cvelistv5
Published
2018-11-08 19:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T18:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6438",
"datePublished": "2018-11-08T19:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-31425
Vulnerability from cvelistv5
Published
2023-08-01 20:34
Modified
2024-10-18 20:20
Severity ?
EPSS score ?
Summary
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T20:19:05.869901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T20:20:48.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fabric OS ",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, \u201croot\u201d account access is disabled.\u003c/span\u003e\n\n"
}
],
"value": "\nA vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, \u201croot\u201d account access is disabled.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation ",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T23:02:55.548Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation via the fosexec command",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-31425",
"datePublished": "2023-08-01T20:34:47.165Z",
"dateReserved": "2023-04-28T00:14:58.124Z",
"dateUpdated": "2024-10-18T20:20:48.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-31426
Vulnerability from cvelistv5
Published
2023-08-01 21:18
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade | Brocade Fabric OS |
Version: before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T14:15:50.047091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:01:31.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:31.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brocade Fabric OS ",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cp\u003eThe Brocade Fabric OS Commands \u201cconfigupload\u201d and \u201cconfigdownload\u201d before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.\u003c/p\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nThe Brocade Fabric OS Commands \u201cconfigupload\u201d and \u201cconfigdownload\u201d before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T21:16:11.404Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "scp, sftp, ftp servers passwords in supportsave",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-31426",
"datePublished": "2023-08-01T21:18:55.037Z",
"dateReserved": "2023-04-28T00:14:58.124Z",
"dateUpdated": "2024-08-02T14:53:31.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-31427
Vulnerability from cvelistv5
Published
2023-08-01 22:46
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:31.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22379"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "after 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBrocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, \u201croot\u201d account access is disabled.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\nBrocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, \u201croot\u201d account access is disabled.\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T23:03:22.805Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22379"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Knowledge of full path name",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-31427",
"datePublished": "2023-08-01T22:46:17.756Z",
"dateReserved": "2023-04-28T00:14:58.125Z",
"dateUpdated": "2024-08-02T14:53:31.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15386
Vulnerability from cvelistv5
Published
2021-06-09 15:43
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1495 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210819-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions after v9.0.0 and before v9.0.1a, and Brocade Fabric OS versions after v8.2.2d and before v8.2.3a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1495"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions after v9.0.0 and before v9.0.1a, and Brocade Fabric OS versions after v8.2.2d and before v8.2.3a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T09:06:23",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1495"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions after v9.0.0 and before v9.0.1a, and Brocade Fabric OS versions after v8.2.2d and before v8.2.3a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1495",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1495"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210819-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15386",
"datePublished": "2021-06-09T15:43:02",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6433
Vulnerability from cvelistv5
Published
2018-11-08 14:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-728 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T13:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-728",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6433",
"datePublished": "2018-11-08T14:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15374
Vulnerability from cvelistv5
Published
2020-09-25 13:11
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:11:22",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15374",
"datePublished": "2020-09-25T13:11:22",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33184
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:19.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2080"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Buffer Overflow and Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2080"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0009/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33184",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:19.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22876
Vulnerability from cvelistv5
Published
2021-04-01 17:45
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | https://github.com/curl/curl |
Version: 7.1.1 to and including 7.75.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1101882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"name": "GLSA-202105-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.1.1 to and including 7.75.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "Privacy Violation (CWE-359)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:06:57",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1101882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"name": "GLSA-202105-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.1.1 to and including 7.75.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privacy Violation (CWE-359)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1101882",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1101882"
},
{
"name": "https://curl.se/docs/CVE-2021-22876.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"name": "GLSA-202105-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22876",
"datePublished": "2021-04-01T17:45:18",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16203
Vulnerability from cvelistv5
Published
2020-02-05 15:16
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200511-0008/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade | Brocade Fabric OS |
Version: Brocade Fabric OS Versions before v8.2.2a and v8.2.1d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T16:06:27",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d"
}
]
}
}
]
},
"vendor_name": "Brocade"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200511-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16203",
"datePublished": "2020-02-05T15:16:01",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6442
Vulnerability from cvelistv5
Published
2018-11-08 14:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T13:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6442",
"datePublished": "2018-11-08T14:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-31429
Vulnerability from cvelistv5
Published
2023-08-01 20:20
Modified
2024-10-15 14:12
Severity ?
EPSS score ?
Summary
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T14:08:06.655868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:12:35.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "before Brocade Fabric OS v9.1.1c, v9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBrocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as \u201cchassisdistribute\u201d, \u201creboot\u201d, \u201crasman\u201d, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.\u003c/span\u003e"
}
],
"value": "Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as \u201cchassisdistribute\u201d, \u201creboot\u201d, \u201crasman\u201d, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal."
}
],
"impacts": [
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155: Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:53:45.190Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple commands print sensitive information in the terminal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-31429",
"datePublished": "2023-08-01T20:20:52.128Z",
"dateReserved": "2023-04-28T00:14:58.125Z",
"dateUpdated": "2024-10-15T14:12:35.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27795
Vulnerability from cvelistv5
Published
2023-12-06 01:16
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Brocade Fabric OS (FOS) hardware
platforms running any version of Brocade Fabric OS software, which
supports the license string format; contain cryptographic
issues that could allow for the installation of forged or fraudulent
license keys. This would allow attackers or a malicious party to forge a
counterfeit license key that the Brocade Fabric OS platform would
authenticate and activate as if it were a legitimate license key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade | Brocade Switches |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brocade Switches",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "All Version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\nBrocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-20",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-20 Encryption Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T01:16:07.122Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27795",
"datePublished": "2023-12-06T01:16:07.122Z",
"dateReserved": "2021-02-26T20:18:01.346Z",
"dateUpdated": "2024-08-03T21:33:15.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6437
Vulnerability from cvelistv5
Published
2018-11-08 19:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T18:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6437",
"datePublished": "2018-11-08T19:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33182
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands \u201csupportlink\u201d, \u201cfirmwaredownload\u201d, \u201cportcfgupload, license, and \u201cfosexec\u201d."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33182",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4163
Vulnerability from cvelistv5
Published
2023-08-31 00:04
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
In
Brocade Fabric OS before v9.2.0a, a local authenticated privileged user
can trigger a buffer overflow condition, leading to a kernel panic with
large input to buffers in the portcfgfportbuffers command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade | Brocade Fabric OS |
Version: Fabric OS before v9.2.0a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Directors",
"Embedded Switches",
"Switches"
],
"product": "Brocade Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Fabric OS before v9.2.0a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nIn\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"
}
],
"value": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T00:04:39.287Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-4163",
"datePublished": "2023-08-31T00:04:39.287Z",
"dateReserved": "2023-08-04T18:24:36.610Z",
"dateUpdated": "2024-08-02T07:17:12.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15370
Vulnerability from cvelistv5
Published
2020-09-25 13:09
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unprotected Storage of Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:09:32",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1079",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15370",
"datePublished": "2020-09-25T13:09:32",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15369
Vulnerability from cvelistv5
Published
2020-09-25 13:08
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users\u2019 credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unprotected Storage of Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:08:45",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users\u2019 credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15369",
"datePublished": "2020-09-25T13:08:45",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18805
Vulnerability from cvelistv5
Published
2019-11-07 13:08
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html | vendor-advisory, x_refsource_SUSE | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2020:0740 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"name": "openSUSE-SU-2019:2503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2507",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"name": "openSUSE-SU-2019:2503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2507",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"name": "openSUSE-SU-2019:2503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2507",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "RHSA-2020:0740",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18805",
"datePublished": "2019-11-07T13:08:05",
"dateReserved": "2019-11-07T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15371
Vulnerability from cvelistv5
Published
2020-09-25 13:10
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions after v8.0.0 and before Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions after v8.0.0 and before Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:10:23",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1080"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions after v8.0.0 and before Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1080",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1080"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15371",
"datePublished": "2020-09-25T13:10:23",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:19.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13645
Vulnerability from cvelistv5
Published
2020-05-28 11:55
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135 | x_refsource_MISC | |
| https://gitlab.gnome.org/GNOME/balsa/-/issues/34 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0004/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4405-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/202007-50 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/balsa/-/issues/34"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0004/"
},
{
"name": "FEDORA-2020-98ebbd1397",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/"
},
{
"name": "FEDORA-2020-cadbc5992f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/"
},
{
"name": "FEDORA-2020-a83c8cd358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/"
},
{
"name": "USN-4405-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4405-1/"
},
{
"name": "GLSA-202007-50",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server\u0027s TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T03:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/balsa/-/issues/34"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0004/"
},
{
"name": "FEDORA-2020-98ebbd1397",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/"
},
{
"name": "FEDORA-2020-cadbc5992f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/"
},
{
"name": "FEDORA-2020-a83c8cd358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/"
},
{
"name": "USN-4405-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4405-1/"
},
{
"name": "GLSA-202007-50",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server\u0027s TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135"
},
{
"name": "https://gitlab.gnome.org/GNOME/balsa/-/issues/34",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/balsa/-/issues/34"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0004/"
},
{
"name": "FEDORA-2020-98ebbd1397",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/"
},
{
"name": "FEDORA-2020-cadbc5992f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/"
},
{
"name": "FEDORA-2020-a83c8cd358",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/"
},
{
"name": "USN-4405-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4405-1/"
},
{
"name": "GLSA-202007-50",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13645",
"datePublished": "2020-05-28T11:55:39",
"dateReserved": "2020-05-28T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15383
Vulnerability from cvelistv5
Published
2021-06-09 14:32
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210819-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before v9.0.0, v8.2.2d, and v8.2.1e |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before v9.0.0, v8.2.2d, and v8.2.1e"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denail of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T09:06:25",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before v9.0.0, v8.2.2d, and v8.2.1e"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denail of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210819-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15383",
"datePublished": "2021-06-09T14:32:31",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33180
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with \u201cseccryptocfg\u201d, \u201cconfigupload\u201d."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0005/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33180",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6449
Vulnerability from cvelistv5
Published
2020-09-25 13:08
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before v9.0.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before v9.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Host Header Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:08:24",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before v9.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Host Header Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1077",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6449",
"datePublished": "2020-09-25T13:08:25",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6440
Vulnerability from cvelistv5
Published
2018-12-03 22:00
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-03T21:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"DATE_PUBLIC": "2018-10-29T00:00:00",
"ID": "CVE-2018-6440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6440",
"datePublished": "2018-12-03T22:00:00Z",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-09-16T23:56:21.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29660
Vulnerability from cvelistv5
Published
2020-12-09 16:57
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
},
{
"name": "[oss-security] 20201210 2 kernel issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"name": "FEDORA-2020-b732958765",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"name": "FEDORA-2020-bc0cc81a7a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T18:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
},
{
"name": "[oss-security] 20201210 2 kernel issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"name": "FEDORA-2020-b732958765",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"name": "FEDORA-2020-bc0cc81a7a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
},
{
"name": "[oss-security] 20201210 2 kernel issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"name": "FEDORA-2020-b732958765",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"name": "FEDORA-2020-bc0cc81a7a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"name": "DSA-4843",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"name": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29660",
"datePublished": "2020-12-09T16:57:56",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3596
Vulnerability from cvelistv5
Published
2024-07-09 12:02
Modified
2024-08-29 14:32
Severity ?
EPSS score ?
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rfc",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T03:55:37.141738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T20:18:28.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-29T14:32:14.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
},
{
"url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"tags": [
"x_transferred"
],
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.blastradius.fail/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "RFC",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-328: Use of Weak Hash",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:08:23.145Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"url": "https://www.blastradius.fail/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3596",
"datePublished": "2024-07-09T12:02:53.001Z",
"dateReserved": "2024-04-10T15:09:45.391Z",
"dateUpdated": "2024-08-29T14:32:14.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22890
Vulnerability from cvelistv5
Published
2021-04-01 17:46
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1129529 | x_refsource_MISC | |
| https://curl.se/docs/CVE-2021-22890.html | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202105-36 | vendor-advisory, x_refsource_GENTOO | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210521-0007/ | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | https://github.com/curl/curl |
Version: 7.63.0 to and including 7.75.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1129529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22890.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "GLSA-202105-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.63.0 to and including 7.75.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "Man-in-the-Middle (CWE-300)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:08:39",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1129529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22890.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "GLSA-202105-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.63.0 to and including 7.75.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-Middle (CWE-300)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1129529",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1129529"
},
{
"name": "https://curl.se/docs/CVE-2021-22890.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22890.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "GLSA-202105-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22890",
"datePublished": "2021-04-01T17:46:17",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15388
Vulnerability from cvelistv5
Published
2022-03-18 17:59
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T17:59:10",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15388",
"datePublished": "2022-03-18T17:59:10",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27793
Vulnerability from cvelistv5
Published
2021-08-12 14:24
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1553 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210819-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also before Brocade Fabric OS v8.2.3a and after v8.2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also before Brocade Fabric OS v8.2.3a and after v8.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T09:06:33",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also before Brocade Fabric OS v8.2.3a and after v8.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1553",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1553"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210819-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27793",
"datePublished": "2021-08-12T14:24:18",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6435
Vulnerability from cvelistv5
Published
2018-11-08 14:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-729 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T13:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-729",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6435",
"datePublished": "2018-11-08T14:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1967
Vulnerability from cvelistv5
Published
2020-04-21 13:45
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-20:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
},
{
"name": "DSA-4661",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4661"
},
{
"name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
},
{
"name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "GLSA-202004-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202004-10"
},
{
"name": "FEDORA-2020-fcc91a28e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
},
{
"name": "FEDORA-2020-da2d1ef2d7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
},
{
"name": "20200501 CVE-2020-1967: proving sigalg != NULL",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/May/5"
},
{
"name": "FEDORA-2020-d7b29838f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
},
{
"name": "openSUSE-SU-2020:0933",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0945",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20200421.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/irsl/CVE-2020-1967"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-04"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bernd Edlinger"
}
],
"datePublic": "2020-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:39:19",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "FreeBSD-SA-20:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
},
{
"name": "DSA-4661",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4661"
},
{
"name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
},
{
"name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "GLSA-202004-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202004-10"
},
{
"name": "FEDORA-2020-fcc91a28e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
},
{
"name": "FEDORA-2020-da2d1ef2d7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
},
{
"name": "20200501 CVE-2020-1967: proving sigalg != NULL",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/May/5"
},
{
"name": "FEDORA-2020-d7b29838f6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
},
{
"name": "openSUSE-SU-2020:0933",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0945",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2020-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20200421.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/irsl/CVE-2020-1967"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2020-04"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "Segmentation fault in SSL_check_chain",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2020-04-21",
"ID": "CVE-2020-1967",
"STATE": "PUBLIC",
"TITLE": "Segmentation fault in SSL_check_chain"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bernd Edlinger"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-20:11",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
},
{
"name": "DSA-4661",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4661"
},
{
"name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
},
{
"name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "GLSA-202004-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202004-10"
},
{
"name": "FEDORA-2020-fcc91a28e8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
},
{
"name": "FEDORA-2020-da2d1ef2d7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
},
{
"name": "20200501 CVE-2020-1967: proving sigalg != NULL",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/May/5"
},
{
"name": "FEDORA-2020-d7b29838f6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
},
{
"name": "openSUSE-SU-2020:0933",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0945",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.tenable.com/security/tns-2020-03",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2020-03"
},
{
"name": "https://www.openssl.org/news/secadv/20200421.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20200421.txt"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200424-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
},
{
"name": "https://github.com/irsl/CVE-2020-1967",
"refsource": "MISC",
"url": "https://github.com/irsl/CVE-2020-1967"
},
{
"name": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_05",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
},
{
"name": "https://www.tenable.com/security/tns-2020-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2020-04"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200717-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.tenable.com/security/tns-2020-11",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.tenable.com/security/tns-2021-10",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2020-1967",
"datePublished": "2020-04-21T13:45:15.136203Z",
"dateReserved": "2019-12-03T00:00:00",
"dateUpdated": "2024-09-17T03:13:46.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27794
Vulnerability from cvelistv5
Published
2021-08-12 14:25
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210819-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Empty Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T09:06:35",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Empty Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210819-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27794",
"datePublished": "2021-08-12T14:25:00",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15376
Vulnerability from cvelistv5
Published
2020-12-11 20:34
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before v9.0.0 and after version v8.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before v9.0.0 and after version v8.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with \"user\" privileges if it is not associated with any groups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ldap authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T20:34:24",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before v9.0.0 and after version v8.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with \"user\" privileges if it is not associated with any groups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ldap authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15376",
"datePublished": "2020-12-11T20:34:24",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1663
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/12464 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/11108 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=109435831811484&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17290 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12464"
},
{
"name": "11108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"name": "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"name": "engenio-controller-tcp-dos(17290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12464"
},
{
"name": "11108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"name": "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"name": "engenio-controller-tcp-dos(17290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12464"
},
{
"name": "11108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11108"
},
{
"name": "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"name": "engenio-controller-tcp-dos(17290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1663",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-21T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33178
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2077"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS 9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2077"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33178",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4376
Vulnerability from cvelistv5
Published
2016-08-22 10:00
Modified
2024-08-06 00:25
Severity ?
EPSS score ?
Summary
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92480 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212"
},
{
"name": "92480",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212"
},
{
"name": "92480",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92480"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212"
},
{
"name": "92480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92480"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4376",
"datePublished": "2016-08-22T10:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15387
Vulnerability from cvelistv5
Published
2021-06-09 15:24
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade SANnav & Brocade Fabric OS |
Version: Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0 and Brocade SANnav v2.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade SANnav \u0026 Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0 and Brocade SANnav v2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T15:24:45",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2020-15387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade SANnav \u0026 Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0 and Brocade SANnav v2.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2020-15387",
"datePublished": "2021-06-09T15:24:45",
"dateReserved": "2020-06-29T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-29954
Vulnerability from cvelistv5
Published
2024-06-25 23:42
Modified
2024-08-22 18:03
Severity ?
EPSS score ?
Summary
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.
Detail.
When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T15:04:17.122827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T15:04:23.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-22T18:03:11.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.\u003c/p\u003e\u003cp\u003eDetail.\u003cbr\u003eWhen the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. \u003c/p\u003e\n\n"
}
],
"value": "A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.\n\nDetail.\nWhen the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T23:42:50.227Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSecurity update provided in Brocade Fabric OS v9.2.1, v9.2.0b, v9.1.1d, v8.2.3e\u003c/p\u003e"
}
],
"value": "Security update provided in Brocade Fabric OS v9.2.1, v9.2.0b, v9.1.1d, v8.2.3e"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "password management API prints sensitive information in log files",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2024-29954",
"datePublished": "2024-06-25T23:42:50.227Z",
"dateReserved": "2024-03-22T05:00:09.538Z",
"dateUpdated": "2024-08-22T18:03:11.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16204
Vulnerability from cvelistv5
Published
2020-02-05 15:16
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200511-0007/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade | Brocade Fabric OS |
Version: Brocade Fabric OS Versions before v7.4.2f Version: v8.2.2a Version: v8.1.2j and v8.2.1d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS Versions before v7.4.2f"
},
{
"status": "affected",
"version": "v8.2.2a"
},
{
"status": "affected",
"version": "v8.1.2j and v8.2.1d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T16:06:26",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2019-16204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS Versions before v7.4.2f"
},
{
"version_value": "v8.2.2a"
},
{
"version_value": "v8.1.2j and v8.2.1d"
}
]
}
}
]
},
"vendor_name": "Brocade"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200511-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2019-16204",
"datePublished": "2020-02-05T15:16:23",
"dateReserved": "2019-09-10T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27790
Vulnerability from cvelistv5
Published
2021-08-12 14:27
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210819-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "execution of arbitrary code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-20T16:35:48",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "execution of arbitrary code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210819-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27790",
"datePublished": "2021-08-12T14:27:04",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33183
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2085"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in \u201cfirmwaredownload\u201d and \u201cdiagshow\u201d commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2085"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33183",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-25013
Vulnerability from cvelistv5
Published
2021-01-04 00:00
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"name": "FEDORA-2021-6feb090c97",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/"
},
{
"name": "FEDORA-2021-6e581c051a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "GLSA-202107-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
},
{
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
},
{
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"name": "FEDORA-2021-6feb090c97",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/"
},
{
"name": "FEDORA-2021-6e581c051a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "GLSA-202107-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
},
{
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-25013",
"datePublished": "2021-01-04T00:00:00",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-05T03:00:18.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27798
Vulnerability from cvelistv5
Published
2022-08-05 15:24
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions Brocade Fabric OS v7.4.1b, and v7.3.1d. |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T14:57:53.170051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T14:58:04.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions Brocade Fabric OS v7.4.1b, and v7.3.1d."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileged Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:24:40",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2021-27798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions Brocade Fabric OS v7.4.1b, and v7.3.1d."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileged Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2021-27798",
"datePublished": "2022-08-05T15:24:40",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6448
Vulnerability from cvelistv5
Published
2020-09-25 13:08
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before v9.0.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before v9.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:08:37",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1075"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before v9.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1075",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1075"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6448",
"datePublished": "2020-09-25T13:08:37",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6434
Vulnerability from cvelistv5
Published
2018-11-08 14:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-736 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user\u0027s session ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-08T13:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user\u0027s session ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-736",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6434",
"datePublished": "2018-11-08T14:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18683
Vulnerability from cvelistv5
Published
2019-11-04 15:36
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:38.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
},
{
"name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4254-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4258-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"name": "USN-4287-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T20:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
},
{
"name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4254-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4258-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"name": "USN-4287-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2019/11/02/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
},
{
"name": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/",
"refsource": "MISC",
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/"
},
{
"name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4254-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4258-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"name": "USN-4287-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"name": "USN-4284-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4284-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18683",
"datePublished": "2019-11-04T15:36:14",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-05T02:02:38.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33185
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33185",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15778
Vulnerability from cvelistv5
Published
2020-07-24 00:00
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openssh",
"vendor": "openbsd",
"versions": [
{
"lessThanOrEqual": "8.3p1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-15778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T14:59:02.714297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:18.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"name": "GLSA-202212-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T16:53:15.270364",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/security.html"
},
{
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"name": "GLSA-202212-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15778",
"datePublished": "2020-07-24T00:00:00",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6447
Vulnerability from cvelistv5
Published
2020-09-25 13:06
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user\u2019s session and take over the account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflective XSS Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:06:37",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"ID": "CVE-2018-6447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user\u2019s session and take over the account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflective XSS Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1073",
"refsource": "MISC",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6447",
"datePublished": "2020-09-25T13:06:37",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33179
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Brocade Fabric OS |
Version: Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS versions before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with \u201cset context\u201d and escalate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2022-33179",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6439
Vulnerability from cvelistv5
Published
2018-12-03 22:00
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Brocade Communications Systems, Inc. | Brocade Fabric OS |
Version: All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Brocade Fabric OS",
"vendor": "Brocade Communications Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
],
"datePublic": "2018-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-03T21:57:01",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@brocade.com",
"DATE_PUBLIC": "2018-10-29T00:00:00",
"ID": "CVE-2018-6439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brocade Fabric OS",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d"
}
]
}
}
]
},
"vendor_name": "Brocade Communications Systems, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2018-6439",
"datePublished": "2018-12-03T22:00:00Z",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-09-16T17:54:15.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19069
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | x_refsource_MISC | |
| https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T04:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"name": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"name": "USN-4208-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19069",
"datePublished": "2019-11-18T05:24:14",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 05:58
Severity ?
Summary
A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | 7.3.1d | |
| broadcom | fabric_operating_system | 7.4.1b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.3.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8D767B-55A7-4170-A60C-838AFAD141E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C8237571-12FD-4871-9F30-3D0A9F956E4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "sirt@brocade.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Una vulnerabilidad en Brocade Fabric OS versiones v7.4.1b y v7.3.1d, podr\u00eda permitir a usuarios locales conducir un salto de directorio privilegiado. Brocade Fabric OS versiones v7.4.1.x y v7.3.x, han llegado al final de su vida \u00fatil. Los usuarios de Brocade Fabric OS deben actualizarse a versiones soportadas, tal y como es descrito en el Informe de Publicaci\u00f3n de Fin de Vida del Producto"
}
],
"id": "CVE-2021-27798",
"lastModified": "2024-11-21T05:58:35.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:10.807",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-09 16:15
Modified
2024-11-21 05:05
Severity ?
Summary
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | brocade_sannav | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 7.4.2 | |
| broadcom | fabric_operating_system | 7.4.2a | |
| broadcom | fabric_operating_system | 7.4.2b | |
| broadcom | fabric_operating_system | 7.4.2c | |
| broadcom | fabric_operating_system | 7.4.2d | |
| broadcom | fabric_operating_system | 7.4.2f | |
| broadcom | fabric_operating_system | 7.4.2g | |
| broadcom | fabric_operating_system | 8.2.1 | |
| broadcom | fabric_operating_system | 8.2.1a | |
| broadcom | fabric_operating_system | 8.2.1b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F078016A-D256-4A68-9C65-DF23B6858158",
"versionEndExcluding": "2.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31DFB192-EA22-4604-85ED-0A34E0DBF384",
"versionEndExcluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEAE07D-906E-4B7C-B577-14D15CFFB69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "8A589310-66AB-4D4F-A332-64E245AB1D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "F633FD3F-8224-4D96-BD0C-55EA218D4364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "656001D2-F17B-49C0-9F38-E84B5CE3E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "9761DF12-141D-4109-805D-449B5495ACB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "DD207CDF-7BF9-4FBD-86C4-C24B66D219FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "518C9470-B56D-4B6C-99F9-20DEB3F86BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications."
},
{
"lang": "es",
"value": "Los servidores SSH del host de Brocade Fabric OS versiones anteriores a v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, y Brocade SANnav versiones anteriores a v2.1.1, utilizan claves de menos de 2048 bits, que pueden ser vulnerables a ataques de tipo man-in-the-middle y/o a comunicaciones SSH no seguras"
}
],
"id": "CVE-2020-15387",
"lastModified": "2024-11-21T05:05:27.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T16:15:08.307",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-01 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | libcurl | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| broadcom | fabric_operating_system | - | |
| debian | debian_linux | 9.0 | |
| siemens | sinec_infrastructure_network_services | * | |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
| oracle | essbase | 21.2 | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7911980-1217-467C-8423-6D8928FACF70",
"versionEndIncluding": "7.75.0",
"versionStartIncluding": "7.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request."
},
{
"lang": "es",
"value": "curl versiones 7.1.1 hasta 7.75.0 incluy\u00e9ndola, es vulnerable a una \"Exposure of Private Personal Information to an Unauthorized Actor\" al filtrar credenciales en el encabezado HTTP Referer:.\u0026#xa0;libcurl no elimina las credenciales de usuario de la URL cuando completa autom\u00e1ticamente el campo de encabezado de petici\u00f3n HTTP Referer: en peticiones HTTP salientes y, por lo tanto, corre el riesgo de filtrar datos confidenciales al servidor que es el objetivo de la segunda petici\u00f3n HTTP."
}
],
"id": "CVE-2021-22876",
"lastModified": "2024-11-21T05:50:49.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-01T18:15:12.823",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1101882"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1101882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28897387-F3CA-441E-8290-E32C1BBFEED8",
"versionEndExcluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.0, podr\u00eda permitir a un atacante remoto llevar a cabo un ataque de denegaci\u00f3n de servicio en el host vulnerable"
}
],
"id": "CVE-2018-6448",
"lastModified": "2024-11-21T04:10:42.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.190",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1075"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-09 17:15
Modified
2024-11-21 05:24
Severity ?
Summary
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FC0FB1-DC18-46A4-A31B-F97DD3EE3137",
"versionEndExcluding": "4.4.248",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B21174F6-B764-44AB-A945-3D629DBB3B13",
"versionEndExcluding": "4.9.248",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FCD12D6-C35F-4079-B6BA-3F788CFC6FB3",
"versionEndExcluding": "4.14.212",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9079A481-FEBA-4CEC-A294-9B95706DDF17",
"versionEndExcluding": "4.19.163",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C60D505-E4D6-40DF-A835-9094A5DFDDBC",
"versionEndExcluding": "5.4.83",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB6E3D6-0F55-42F3-A3BA-AA6E149E1C5F",
"versionEndExcluding": "5.9.14",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
"versionEndIncluding": "7.7.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. El archivo drivers/tty/tty_jobctrl.c, permite un ataque de uso de la memoria previamente liberada contra TIOCSPGRP, tambi\u00e9n se conoce como CID-54ffccbf053b"
}
],
"id": "CVE-2020-29661",
"lastModified": "2024-11-21T05:24:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-09T17:15:31.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 12:15
Modified
2024-12-30 19:23
Severity ?
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| broadcom | brocade_sannav | - | |
| broadcom | fabric_operating_system | - | |
| sonicwall | sonicos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C73FF4C-13DE-4050-BD56-447F9382AA4D",
"versionEndExcluding": "3.0.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75B1EDA5-F189-440D-AD0E-C70DD2C0FEE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF61DAA-8295-4407-B125-1714E1565965",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
},
{
"lang": "es",
"value": "El protocolo RADIUS seg\u00fan RFC 2865 es susceptible a ataques de falsificaci\u00f3n por parte de un atacante local que puede modificar cualquier respuesta v\u00e1lida (acceso-aceptaci\u00f3n, acceso-rechazo o acceso-desaf\u00edo) a cualquier otra respuesta utilizando un ataque de colisi\u00f3n de prefijo elegido contra la firma del autenticador de respuesta MD5. ."
}
],
"id": "CVE-2024-3596",
"lastModified": "2024-12-30T19:23:20.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-09T12:15:20.700",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"source": "cret@cert.org",
"tags": [
"Technical Description"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"source": "cret@cert.org",
"tags": [
"Technical Description"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
},
{
"source": "cret@cert.org",
"tags": [
"Technical Description"
],
"url": "https://www.blastradius.fail/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://www.blastradius.fail/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
},
{
"lang": "en",
"value": "CWE-924"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-22 10:59
Modified
2024-11-21 02:51
Severity ?
Summary
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 8.0.0 | |
| hp | storefabric_b_series_switch | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1708153E-FD12-4E9B-8818-FFF178D82820",
"versionEndIncluding": "7.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A234DD0C-6C62-4A5E-B093-14F54710C2F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:storefabric_b_series_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD6AFC-7D41-430D-9AA0-581D9DD1BDDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "HPE FOS en versiones anteriores a 7.4.1d y 8.x en versiones anteriores a 8.0.1 en interruptores StoreFabric B permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4376",
"lastModified": "2024-11-21T02:51:58.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-22T10:59:05.683",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92480"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 05:05
Severity ?
Summary
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | 8.2.1 | |
| broadcom | fabric_operating_system | 8.2.1a | |
| broadcom | fabric_operating_system | 8.2.1b | |
| broadcom | fabric_operating_system | 8.2.1c | |
| broadcom | fabric_operating_system | 8.2.1d | |
| broadcom | fabric_operating_system | 8.2.2 | |
| broadcom | fabric_operating_system | 8.2.2a | |
| broadcom | fabric_operating_system | 8.2.2a1 | |
| broadcom | fabric_operating_system | 8.2.2b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B244FB24-0767-4DC4-9988-ED8C5D9D9A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA4E8C-F140-4E39-9A6F-7883F2822499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*",
"matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users\u2019 credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host."
},
{
"lang": "es",
"value": "La CLI de Supportlink en Brocade Fabric OS Versiones v8.2.1 hasta v8.2.1d, y versiones 8.2.2 anteriores a v8.2.2c, no oculta el campo password, lo que podr\u00eda exponer las credenciales de usuarios del servidor remoto.\u0026#xa0;Un usuario autenticado podr\u00eda obtener las credenciales de contrase\u00f1a expuestas para conseguir acceso al host remoto"
}
],
"id": "CVE-2020-15369",
"lastModified": "2024-11-21T05:05:25.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.453",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 06:56
Severity ?
Summary
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFC3258-F76D-4FC7-993B-47E516F0C0FA",
"versionEndExcluding": "7.4.2j",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "379DA47D-6B21-4524-B0E7-2A41A4C8D446",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file."
},
{
"lang": "es",
"value": "Los servicios de aplicaciones web de Brocade Fabric OS versiones anteriores a Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j, almacenan las contrase\u00f1as del servidor y del usuario en las declaraciones de depuraci\u00f3n. Esto podr\u00eda permitir a un usuario local extraer las contrase\u00f1as de un archivo de depuraci\u00f3n"
}
],
"id": "CVE-2022-28170",
"lastModified": "2024-11-21T06:56:53.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:39.340",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0002/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2076"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 21:15
Modified
2024-11-21 05:05
Severity ?
Summary
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B607C3B-FC6F-471E-AFF0-B1BAA01D6FC6",
"versionEndExcluding": "9.0.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with \"user\" privileges if it is not associated with any groups."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a v9.0.0 y posteriores a versi\u00f3n v8.1.0, configuradas en el modo Virtual Fabric contienen una debilidad en la implementaci\u00f3n de ldap que podr\u00eda permitir a un usuario de LDAP remoto iniciar sesi\u00f3n en el switch Brocade Fibre Channel SAN con privilegios de \"user\" si no est\u00e1 asociado con ning\u00fan grupo"
}
],
"id": "CVE-2020-15376",
"lastModified": "2024-11-21T05:05:26.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T21:15:12.347",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 19:29
Modified
2024-11-21 04:10
Severity ?
Summary
A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el comando firmwaredownload de las versiones de la interfaz de l\u00ednea de comandos (CLI) de Brocade Fabric OS en versiones anteriores a la 8.2.1, 8.1.2f, 8.0.2f, 8.4.2f y 7.4.2d podr\u00eda permitir que un atacante local escape de la shell restringida y obtenga acceso root."
}
],
"id": "CVE-2018-6436",
"lastModified": "2024-11-21T04:10:40.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T19:29:01.940",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 14:29
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n Secure Shell de Brocade Fabric OS en versiones anteriores a la 8.2.1, 8.1.2f, 8.0.2f, 8.4.2f y 7.4.2d podr\u00eda permitir a un atacante local proporcionar variables de entorno arbitrarios y omitir la shell de configuraci\u00f3n restringida."
}
],
"id": "CVE-2018-6441",
"lastModified": "2024-11-21T04:10:41.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T14:29:00.773",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-734"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8BD040-E8F0-4386-B680-19CD1BD381D7",
"versionEndExcluding": "7.4.2.j",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "379DA47D-6B21-4524-B0E7-2A41A4C8D446",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands \u201cconfigshow\u201d and \u201csupportlink\u201d."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j, podr\u00eda permitir a un atacante local autenticado leer archivos confidenciales usando los comandos del switch \"configshow\" y \"supportlink\""
}
],
"id": "CVE-2022-33181",
"lastModified": "2024-11-21T07:07:40.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.557",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0006/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2083"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22BF102C-6F4F-4F6F-BDC4-CA17FDC10DF5",
"versionEndExcluding": "5.3.16",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "989D0C5E-C0BF-49D8-86E2-91A93238FD1E",
"versionEndExcluding": "5.4.3",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17CCD88F-373D-4BB5-B62E-8B55B05E2C31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
"versionEndIncluding": "11.60.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89706810-031B-49F0-B353-FD27FD7B2776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD1E822-1EA6-4E62-A58B-2378149D20DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1."
},
{
"lang": "es",
"value": "Una p\u00e9rdida de memoria en la funci\u00f3n crypto_reportstat() en el archivo crypto/crypto_user_stat.c en el kernel de Linux versiones hasta 5.3.11, permite a atacantes causar una denegaci\u00f3n de servicio (consumo de memoria) al desencadenar fallos de la funci\u00f3n crypto_reportstat_alg(), tambi\u00e9n se conoce como CID-c03b04dcdba1."
}
],
"id": "CVE-2019-19050",
"lastModified": "2024-11-21T04:34:04.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-18T06:15:11.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8BD040-E8F0-4386-B680-19CD1BD381D7",
"versionEndExcluding": "7.4.2.j",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in \u201cfirmwaredownload\u201d and \u201cdiagshow\u201d commands."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j, podr\u00eda permitir a un atacante remoto autenticado llevar a cabo un desbordamiento del b\u00fafer de la pila usando en comandos \"firmwaredownload\" y \"diagshow\""
}
],
"id": "CVE-2022-33183",
"lastModified": "2024-11-21T07:07:40.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.723",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0008/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2085"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 05:05
Severity ?
Summary
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "202112E1-F1FD-4791-A971-EDA4F0C32A38",
"versionEndExcluding": "7.4.2g",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a Brocade Fabric OS v7.4.2g, pod\u00edan permitir a un atacante remoto autenticado visualizar una contrase\u00f1a de usuario en texto sin cifrar.\u0026#xa0;La vulnerabilidad es debido al registro incorrecto de la contrase\u00f1a de usuario en los archivos de registro"
}
],
"id": "CVE-2020-15370",
"lastModified": "2024-11-21T05:05:25.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.517",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1079"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-01 21:15
Modified
2024-11-21 08:01
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "063BAB50-FB8B-4DA4-9DBD-430F3827185F",
"versionEndExcluding": "9.1.1c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as \u201cchassisdistribute\u201d, \u201creboot\u201d, \u201crasman\u201d, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal."
},
{
"lang": "es",
"value": "Brocade Fabric OS antes de Brocade Fabric OS v9.1.1c, v9.2.0 contiene una vulnerabilidad al utilizar varios comandos como \"chassisdistribute\", \"reboot\", \"rasman\", errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable y supportshowcfgenable que pueden hacer que se imprima en el terminal el contenido de variables interpretadas por el shell."
}
],
"id": "CVE-2023-31429",
"lastModified": "2024-11-21T08:01:50.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-01T21:15:10.670",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4208-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4208-1/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "316A2191-9BA1-4C58-A61C-29F91E2CF3B7",
"versionEndExcluding": "5.3.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AD561918-619D-4363-8330-53B4B903D2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DCF307A4-6CF2-43FA-94E5-2EBB1033634B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "72D64137-DAA7-40C0-8BAD-9DBCB285BC00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
"versionEndIncluding": "11.60.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89706810-031B-49F0-B353-FD27FD7B2776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD1E822-1EA6-4E62-A58B-2378149D20DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99."
},
{
"lang": "es",
"value": "Una p\u00e9rdida de memoria en la funci\u00f3n fastrpc_dma_buf_attach() en el archivo drivers/misc/fastrpc.c en el kernel de Linux versiones anteriores a la versi\u00f3n 5.3.9, permite a atacantes causar una denegaci\u00f3n de servicio (consumo de memoria) al desencadenar fallos de la funci\u00f3n dma_get_sgtable(), tambi\u00e9n se conoce como CID-fc739a058d99."
}
],
"id": "CVE-2019-19069",
"lastModified": "2024-11-21T04:34:07.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-18T06:15:12.920",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4208-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-01 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | libcurl | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_storage_node | - | |
| broadcom | fabric_operating_system | - | |
| debian | debian_linux | 9.0 | |
| siemens | sinec_infrastructure_network_services | * | |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
| oracle | essbase | 21.2 | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "261AE6A4-223F-4131-BB3D-B97EDDBDA37A",
"versionEndIncluding": "7.75.0",
"versionStartIncluding": "7.63.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check."
},
{
"lang": "es",
"value": "curl versiones 7.63.0 hasta 7.75.0 incluy\u00e9ndola, incluye una vulnerabilidad que permite que un proxy HTTPS malicioso acceda a una conexi\u00f3n MITM debido al manejo inapropiado de los tickets de sesi\u00f3n de TLS versi\u00f3n 1.3.\u0026#xa0;Cuando se usa un proxy HTTPS y TLS 1.3, libcurl puede confundir los tickets de sesi\u00f3n que llegan del proxy HTTPS pero funciona como si llegaran del servidor remoto y luego \"short-cut\" incorrectamente el protocolo de enlace del host.\u0026#xa0;Al confundir los tickets, un proxy HTTPS puede enga\u00f1ar a libcurl para que utilice la reanudaci\u00f3n del ticket de sesi\u00f3n incorrecta para el host y, por lo tanto, omitir la verificaci\u00f3n del certificado TLS del servidor y hacer que un ataque MITM sea posible de realizar sin ser detectado.\u0026#xa0;Tome en cuenta que dicho proxy HTTPS malicioso debe proporcionar un certificado que curl aceptar\u00e1 para el servidor MITMed para que funcione un ataque, a menos que se le haya dicho a curl que ignore la verificaci\u00f3n del certificado del servidor."
}
],
"id": "CVE-2021-22890",
"lastModified": "2024-11-21T05:50:51.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-01T18:15:12.917",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2021-22890.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1129529"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2021-22890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1129529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-26 00:15
Modified
2024-11-21 09:08
Severity ?
5.9 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.
Detail.
When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E81DB5A7-856B-4D79-86FE-45D0EB6CA554",
"versionEndExcluding": "8.2.3e",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8271BD31-8795-4D66-A088-B82EDE143FD2",
"versionEndExcluding": "9.1.1d",
"versionStartIncluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64256C4C-AF75-4D8F-80C3-E4EF4AC0CC8E",
"versionEndExcluding": "9.2.0b",
"versionStartIncluding": "9.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.\n\nDetail.\nWhen the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API de administraci\u00f3n de contrase\u00f1as en las versiones de Brocade Fabric OS anteriores a v9.2.1, v9.2.0b, v9.1.1d y v8.2.3e imprime informaci\u00f3n confidencial en archivos de registro. Esto podr\u00eda permitir a un usuario autenticado ver las contrase\u00f1as del servidor para protocolos como scp y sftp. Detalle. Cuando el comando de descarga de firmware se ingresa incorrectamente o apunta a un archivo err\u00f3neo, el registro de descarga de firmware captura el comando fallido, incluida cualquier contrase\u00f1a ingresada en la l\u00ednea de comando."
}
],
"id": "CVE-2024-29954",
"lastModified": "2024-11-21T09:08:41.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-26T00:15:10.263",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240822-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-28 12:15
Modified
2024-11-21 05:01
Severity ?
Summary
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | balsa | * | |
| gnome | balsa | 2.6.0 | |
| gnome | glib-networking | * | |
| gnome | glib-networking | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| netapp | cloud_backup | - | |
| broadcom | fabric_operating_system | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:balsa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0C6B25-3989-4491-B956-EEB2BB7E98DC",
"versionEndExcluding": "2.5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:balsa:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD7DBF7-F15C-4BE2-B4CC-4312A05966B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib-networking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "474CE3E4-30D3-4AE3-9CBB-29EE51772DB4",
"versionEndExcluding": "2.62.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib-networking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF800C2-5EB3-4BF3-8A5E-3B5CB1391A13",
"versionEndExcluding": "2.64.3",
"versionStartIncluding": "2.64.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server\u0027s TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host."
},
{
"lang": "es",
"value": "En GNOME glib-networking versiones hasta 2.64.2, la implementaci\u00f3n de GTlsClientConnection omite la verificaci\u00f3n del nombre de host del certificado TLS del servidor si la aplicaci\u00f3n presenta un fallo al especificar la identidad esperada del servidor. Esto est\u00e1 en contraste con su comportamiento documentado previsto, en el fallo de la verificaci\u00f3n del certificado. Las aplicaciones que fallaron al proporcionar la identidad del servidor, incluidas Balsa versiones anteriores a 2.5.11 y versiones 2.6.x anteriores a 2.6.1, aceptan un certificado TLS si el certificado es v\u00e1lido para cualquier host."
}
],
"id": "CVE-2020-13645",
"lastModified": "2024-11-21T05:01:40.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-28T12:15:11.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/balsa/-/issues/34"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-50"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4405-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/balsa/-/issues/34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4405-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-12 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 8.2.3 | |
| broadcom | fabric_operating_system | 9.0.1 | |
| broadcom | fabric_operating_system | 9.0.1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D187BF-39F3-4AA9-BDBA-3EE1C4428536",
"versionEndExcluding": "8.2.3",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C9EA56-CB9E-4216-80FE-1FFB7A6FFA09",
"versionEndExcluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8758BE-527C-40EA-BFE6-848A1C87723F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AAD9957-CACE-472A-86F5-144AEA651948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "73C4B568-2A94-43F0-9F71-6D1206D59964",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch."
},
{
"lang": "es",
"value": "Un fallo de autorizaci\u00f3n intermitente en aaa tacacs+ con las versiones de Brocade Fabric OS anteriores a v9.0.1b y posteriores a 9.0.0, tambi\u00e9n en Brocade Fabric OS versiones anteriores a v8.2.3a y posteriores a v8.2.0, podr\u00eda causar que un usuario con una cuenta v\u00e1lida no pudiera iniciar sesi\u00f3n en el switch"
}
],
"id": "CVE-2021-27793",
"lastModified": "2024-11-21T05:58:34.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-12T15:15:07.817",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1553"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 14:29
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la secci\u00f3n de actualizaci\u00f3n del firmware de Brocade Webtools de Brocade Fabric OS en versiones anteriores a la 8.2.1, 8.1.2f, 8.0.2f y 7.4.2d podr\u00eda permitir a los atacantes autenticados remotos ejecutar comandos arbitrarios."
}
],
"id": "CVE-2018-6442",
"lastModified": "2024-11-21T04:10:41.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T14:29:00.820",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-31 00:15
Modified
2024-11-21 08:17
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The
firmwaredownload command on Brocade Fabric OS v9.2.0 could log the
FTP/SFTP/SCP server password in clear text in the SupportSave file when
performing a downgrade from Fabric OS v9.2.0 to any earlier version of
Fabric OS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | 9.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F3045B8-D0C4-47D8-8EBB-F96B1DBBA1DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \nfirmwaredownload command on Brocade Fabric OS v9.2.0 could log the \nFTP/SFTP/SCP server password in clear text in the SupportSave file when \nperforming a downgrade from Fabric OS v9.2.0 to any earlier version of \nFabric OS.\n\n"
},
{
"lang": "es",
"value": "El comando firmwaredownload en Brocade Fabric OS v9.2.0 podr\u00eda registrar la contrase\u00f1a del servidor FTP/SFTP/SCP en texto plano en el archivo \"SupportSave\" al realizar un downgrade de Fabric OS v9.2.0 a culaquier versi\u00f3n anterior de Fabric OS. "
}
],
"id": "CVE-2023-3489",
"lastModified": "2024-11-21T08:17:22.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-31T00:15:07.913",
"references": [
{
"source": "sirt@brocade.com",
"url": "https://security.netapp.com/advisory/ntap-20231124-0003/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231124-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 14:29
Modified
2024-11-21 04:10
Severity ?
Summary
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el comando secryptocfg de las versiones de la interfaz de l\u00ednea de comandos (CLI) de Brocade Fabric OS en versiones anteriores a la 8.2.1, 8.1.2f, 8.0.2f, 8.4.2f y 7.4.2d podr\u00eda permitir que un atacante local escape de la shell restringida y obtenga acceso root."
}
],
"id": "CVE-2018-6435",
"lastModified": "2024-11-21T04:10:40.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T14:29:00.727",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-729"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 19:29
Modified
2024-11-21 04:10
Severity ?
Summary
A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el comando help de las versiones de la interfaz de l\u00ednea de comandos (CLI) de Brocade Fabric OS en versiones anteriores a la 8.2.1, 8.1.2f, 8.0.2f, 8.4.2f y 7.4.2d podr\u00eda permitir que un atacante local escape de la shell restringida y obtenga acceso root."
}
],
"id": "CVE-2018-6437",
"lastModified": "2024-11-21T04:10:40.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T19:29:02.317",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28897387-F3CA-441E-8290-E32C1BBFEED8",
"versionEndExcluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el sistema de autenticaci\u00f3n radius de Brocade Fabric OS versiones anteriores a Brocade Fabric OS 9.0, podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el conmutador Brocade"
}
],
"id": "CVE-2022-33178",
"lastModified": "2024-11-21T07:07:39.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.047",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0003/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2077"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-24 14:15
Modified
2024-11-21 05:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | 8.3 | |
| openbsd | openssh | 8.3 | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | active_iq_unified_manager | * | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| broadcom | fabric_operating_system | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF43EA3-A7C8-404B-B61C-856BA5A45F47",
"versionEndExcluding": "8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:8.3:-:*:*:*:*:*:*",
"matchCriteriaId": "BE31BDF5-E836-4783-842C-79A9F4B384E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:8.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "7AF2FAD7-B7B8-4D8E-8BCD-EB7325C2328E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
},
{
"lang": "es",
"value": "** EN DISPUTA ** scp en OpenSSH versiones hasta 8.3p1 permite una inyecci\u00f3n de comandos en la funci\u00f3n toremote de scp.c, como lo demuestran los caracteres backtick en el argumento de destino. NOTA: seg\u00fan se informa, el proveedor ha declarado que omite intencionadamente la validaci\u00f3n de las \"transferencias de argumentos an\u00f3malos\" porque eso podr\u00eda \"tener grandes posibilidades de romper los flujos de trabajo existentes\""
}
],
"id": "CVE-2020-15778",
"lastModified": "2024-11-21T05:06:09.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-07-24T14:15:12.450",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssh.com/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssh.com/security.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 21:15
Modified
2024-11-21 05:05
Severity ?
Summary
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "202112E1-F1FD-4791-A971-EDA4F0C32A38",
"versionEndExcluding": "7.4.2g",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "404CA92A-BC25-42D7-96F8-30591370BF7B",
"versionEndExcluding": "8.1.2k",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "387750C5-34B6-49FA-8540-6CF4D26AB286",
"versionEndExcluding": "8.2.0_cbn3",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E3639FD-394B-42E2-861C-3BD355CE58A4",
"versionEndExcluding": "8.2.1e",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03504386-654D-47A0-B406-A94B0EE5D351",
"versionEndExcluding": "8.2.2c",
"versionStartIncluding": "8.2.2b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g, contienen una debilidad de comprobaci\u00f3n inapropiada de la entrada en la interfaz de l\u00ednea de comandos cuando es invocado secccrypptocfg.\u0026#xa0;La vulnerabilidad podr\u00eda permitir a un usuario autenticado local ejecutar comandos arbitrarios y llevar a cabo una escalada de privilegios"
}
],
"id": "CVE-2020-15375",
"lastModified": "2024-11-21T05:05:26.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T21:15:12.190",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1083"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-12 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D137CFD9-916B-4B8D-9E57-2EECCE5FD32B",
"versionEndExcluding": "8.2.3a",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F",
"versionEndExcluding": "9.0.1a",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process."
},
{
"lang": "es",
"value": "Una funci\u00f3n que es usada para analizar el encabezado de Autenticaci\u00f3n en el servicio de aplicaciones web de Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.1a y v8.2.3a, presenta un fallo en procesar apropiadamente un encabezado de autenticaci\u00f3n malformado procedente del cliente, resultando en una lectura de direcciones de memoria fuera del rango previsto. Un atacante no autenticado podr\u00eda descubrir una petici\u00f3n, que podr\u00eda omitir el proceso de autenticaci\u00f3n"
}
],
"id": "CVE-2021-27791",
"lastModified": "2024-11-21T05:58:34.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-12T15:15:07.737",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-06 02:15
Modified
2024-11-21 05:58
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Brocade Fabric OS (FOS) hardware
platforms running any version of Brocade Fabric OS software, which
supports the license string format; contain cryptographic
issues that could allow for the installation of forged or fraudulent
license keys. This would allow attackers or a malicious party to forge a
counterfeit license key that the Brocade Fabric OS platform would
authenticate and activate as if it were a legitimate license key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | brocade_300 | - | |
| broadcom | brocade_610 | - | |
| broadcom | brocade_6505 | - | |
| broadcom | brocade_6510 | - | |
| broadcom | brocade_6520 | - | |
| broadcom | brocade_7800 | - | |
| broadcom | brocade_7810 | - | |
| broadcom | brocade_7840 | - | |
| broadcom | brocade_g620 | - | |
| broadcom | brocade_g630 | - | |
| broadcom | brocade_x6-4_director | - | |
| broadcom | brocade_x6-8_director | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A924BA8-278D-42F8-9A38-AE1087384629",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:brocade_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "514B80C9-FB9A-46FF-A58F-F90D695CD6EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B3C11A-72A1-40E7-8062-FDCE8B31BF45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_6505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE32859-8F51-41C0-829F-E2C7C70D2B32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_6510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB73E604-D2BA-463E-8F89-B6FA2D762C49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_6520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD15038-420D-456C-9E46-1F68730D5294",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E8C687-7999-4FC9-B6F0-8235808B2113",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_7810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E297EC07-ACD9-44CB-A52E-E8D77F1AB3B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_7840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3BC204-ED15-4F07-A493-D688A02E2AF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_g620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C167A2-3A1D-4A7C-8BB0-E923F774DAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_g630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBE84E8-4D66-4CE7-B6D9-F67F92014C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_x6-4_director:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3425B-AADB-4507-9D9D-907BD49359B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:broadcom:brocade_x6-8_director:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF27302-C9A5-4C62-B97D-BFEDAE2F9F5E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n"
},
{
"lang": "es",
"value": "Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versi\u00f3n del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptogr\u00e1ficos que podr\u00edan permitir la instalaci\u00f3n de claves de licencia falsificadas o fraudulentas. Esto permitir\u00eda a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticar\u00eda y activar\u00eda como si fuera una clave de licencia leg\u00edtima."
}
],
"id": "CVE-2021-27795",
"lastModified": "2024-11-21T05:58:34.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-06T02:15:06.573",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-01 21:15
Modified
2024-11-21 08:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "379DA47D-6B21-4524-B0E7-2A41A4C8D446",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, \u201croot\u201d account access is disabled.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad en el comando fosexec de Brocade Fabric OS despu\u00e9s de Brocade Fabric OS v9.1.0 y, antes de Brocade Fabric OS v9.1.1 podr\u00eda permitir a un usuario local autenticado realizar una escalada de privilegios a root rompiendo el shell rbash. A partir de Fabric OS v9.1.0, el acceso a la cuenta \"root\" est\u00e1 deshabilitado."
}
],
"id": "CVE-2023-31425",
"lastModified": "2024-11-21T08:01:50.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-01T21:15:10.597",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands \u201csupportlink\u201d, \u201cfirmwaredownload\u201d, \u201cportcfgupload, license, and \u201cfosexec\u201d."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, podr\u00eda permitir a un usuario local autenticado escalar su privilegio a root usando los comandos del switch \"supportlink\", \"firmwaredownload\", \"portcfgupload, license, y \"fosexec\""
}
],
"id": "CVE-2022-33182",
"lastModified": "2024-11-21T07:07:40.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.657",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0007/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2084"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-21 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0151C51-2C6D-4883-B6FE-6F7E131440A3",
"versionEndIncluding": "7.4.2h",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC97011A-D490-46B7-BDC3-006CF3BBB025",
"versionEndIncluding": "8.0.2f",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D47C5353-477E-4EBB-86BA-7508B0B11955",
"versionEndExcluding": "8.1.2h",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2D8072-DBB6-4D20-BA71-1160E04F20C9",
"versionEndExcluding": "8.2.1c",
"versionStartIncluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a Brocade Fabric OS versiones v8.2.1c, v8.1.2h, y todas las versiones de Brocade Fabric OS v8.0.x y v7.x contienen credenciales documentadas embebidas, que podr\u00edan permitir a los atacantes conseguir acceso al sistema"
}
],
"id": "CVE-2021-27797",
"lastModified": "2024-11-21T05:58:35.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-21T18:15:08.447",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1722"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8909980-A7E4-46DF-A6E4-6E6E2F9D7C15",
"versionEndExcluding": "9.0.1e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account."
},
{
"lang": "es",
"value": "Varios comandos en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v.9.0.1e, y v9.1.0, usan funciones de cadena no seguras para procesar la entrada del usuario. Los atacantes locales autenticados podr\u00edan abusar de estas vulnerabilidades para explotar los desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria, permitiendo una ejecuci\u00f3n de c\u00f3digo arbitrario como la cuenta de usuario root"
}
],
"id": "CVE-2022-33185",
"lastModified": "2024-11-21T07:07:40.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.840",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0010/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 14:29
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user\u0027s session ID."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de las versiones de Brocade Fabric OS anteriores a la 8.2.1, 8.1.2f, 8.0.2f y 7.4.2d podr\u00eda permitir a los atacantes interceptar o manipular el ID de sesi\u00f3n de un usuario."
}
],
"id": "CVE-2018-6434",
"lastModified": "2024-11-21T04:10:40.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T14:29:00.680",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-736"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8BD040-E8F0-4386-B680-19CD1BD381D7",
"versionEndExcluding": "7.4.2.j",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account."
},
{
"lang": "es",
"value": "Una vulnerabilidad en las bibliotecas fab_seg.c.h de todas las versiones de Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j, podr\u00eda permitir a atacantes locales autenticados explotar desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria y ejecutar c\u00f3digo arbitrario como cuenta de usuario root"
}
],
"id": "CVE-2022-33184",
"lastModified": "2024-11-21T07:07:40.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.780",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0009/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2080"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 16:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.1 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | data_availability_services | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| broadcom | fabric_operating_system | - | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | 8300_firmware | - | |
| netapp | 8300 | - | |
| netapp | 8700_firmware | - | |
| netapp | 8700 | - | |
| netapp | a400_firmware | - | |
| netapp | a400 | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2342E0A5-8C6E-4EC6-8BC5-418E3F975B9D",
"versionEndExcluding": "4.4.204",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED947B00-B3CA-41BF-95D0-122D37F5B7BD",
"versionEndExcluding": "4.9.204",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4469430-6F48-41B8-AEDF-8B4E6E8AC03B",
"versionEndExcluding": "4.14.157",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C4C528-B25B-4D52-8A88-5052932CEEDF",
"versionEndExcluding": "4.19.87",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A13B4BB5-9419-4DE5-AA55-3BEBC16095D6",
"versionEndExcluding": "5.3.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2217A93-CE4C-44EE-B62F-3697614E9F5E",
"versionEndExcluding": "5.4.1",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo drivers/media/platform/vivid en el kernel de Linux versiones hasta 5.3.8. Esto es explotable para una escalada de privilegios en algunas distribuciones de Linux donde los usuarios locales tienen acceso a /dev/video0, pero solo si el controlador ha sido cargado. Se presenta varias condiciones de carrera durante la detenci\u00f3n de la transmisi\u00f3n en este controlador (parte del subsistema V4L2). Estos problemas son causados ??por el bloqueo de mutex incorrecto en las funciones vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming() y los kthreads correspondientes. Al menos una de estas condiciones de carrera conlleva a un uso de la memoria previamente liberada."
}
],
"id": "CVE-2019-18683",
"lastModified": "2024-11-21T04:33:31.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T16:15:11.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-08 18:29
Modified
2024-11-21 02:58
Severity ?
Summary
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1B2095-2EAB-40F5-ABC1-3B592413A09F",
"versionEndIncluding": "7.4.1c",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA532CBE-FCAF-4AE7-9A39-808864223E41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalamiento de privilegios en los productos de Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) versiones anteriores a 7.4.1d y 8.0.1b, podr\u00eda permitir a un atacante autenticado elevar los privilegios de las cuentas de usuario que acceden al sistema por medio de la interfaz de l\u00ednea de comandos. En versiones afectadas, los usuarios no root pueden conseguir acceso root con una combinaci\u00f3n de comandos y par\u00e1metros de shell."
}
],
"id": "CVE-2016-8202",
"lastModified": "2024-11-21T02:58:58.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-08T18:29:00.217",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98332"
},
{
"source": "sirt@brocade.com",
"url": "http://www.securitytracker.com/id/1038401"
},
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03739en_us"
},
{
"source": "sirt@brocade.com",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03739en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 04:10
Severity ?
Summary
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28897387-F3CA-441E-8290-E32C1BBFEED8",
"versionEndExcluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers"
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de encabezado de host en la interfaz de administraci\u00f3n http en Brocade Fabric OS versiones anteriores a v9.0.0, podr\u00eda permitir a un atacante remoto explotar esta vulnerabilidad mediante la inyecci\u00f3n de encabezados HTTP arbitrarios"
}
],
"id": "CVE-2018-6449",
"lastModified": "2024-11-21T04:10:42.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.250",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1077"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 16:15
Modified
2024-11-21 04:30
Severity ?
Summary
Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA53F87-F659-4F19-B794-9329071B9381",
"versionEndExcluding": "8.2.1d",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE5A077-1059-4D4C-B7DF-D49DB6C9B95B",
"versionEndExcluding": "8.2.2a",
"versionStartIncluding": "8.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a v8.2.2a y v8.2.1d, podr\u00edan exponer las credenciales del servidor ESRS remoto cuando estas credenciales son otorgadas como una opci\u00f3n de l\u00ednea de comando cuando se configura el cliente ESRS."
}
],
"id": "CVE-2019-16203",
"lastModified": "2024-11-21T04:30:16.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T16:15:10.770",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-906"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 05:05
Severity ?
Summary
Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | 8.2.1 | |
| broadcom | fabric_operating_system | 8.2.1a | |
| broadcom | fabric_operating_system | 8.2.1b | |
| broadcom | fabric_operating_system | 8.2.1c | |
| broadcom | fabric_operating_system | 8.2.1d | |
| broadcom | fabric_operating_system | 8.2.2 | |
| broadcom | fabric_operating_system | 8.2.2a | |
| broadcom | fabric_operating_system | 8.2.2a1 | |
| broadcom | fabric_operating_system | 8.2.2b | |
| broadcom | fabric_operating_system | 8.2.2c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B244FB24-0767-4DC4-9988-ED8C5D9D9A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA4E8C-F140-4E39-9A6F-7883F2822499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*",
"matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CB0EA0-D553-4D17-867A-0DBD5D1F6764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer en la API REST en Brocade Fabric OS versiones v8.2.1 hasta v8.2.1d, y versiones 8.2.2 anteriores a v8.2.2c, podr\u00edan permitir a atacantes remotos no autenticados llevar a cabo varios ataques"
}
],
"id": "CVE-2020-15373",
"lastModified": "2024-11-21T05:05:26.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.720",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1082"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 06:56
Severity ?
Summary
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A6CDCD-FDE7-4D1A-A762-93E9BF700669",
"versionEndExcluding": "9.1.1",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator\u0027s authorization header."
},
{
"lang": "es",
"value": "Brocade Webtools en versiones de Brocade Fabric OS anteriores a v9.1.1, v9.0.1e y v8.2.3c podr\u00edan permitir que un usuario de webtools poco privilegiado obtuviera derechos de administrador elevados, o privilegios, m\u00e1s all\u00e1 de lo previsto o autorizado para ese usuario. Al explotar esta vulnerabilidad, un usuario cuyo rol no es de administrador puede crear un nuevo usuario con rol de administrador usando el identificador de sesi\u00f3n del operador. El problema fue replicado despu\u00e9s de interceptar los encabezados de autorizaci\u00f3n del administrador y del operador enviadas sin cifrar y editar una petici\u00f3n de adici\u00f3n de usuario para usar el encabezado de autorizaci\u00f3n del operador"
}
],
"id": "CVE-2022-28169",
"lastModified": "2024-11-21T06:56:53.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:38.813",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0001/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 05:05
Severity ?
Summary
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "202112E1-F1FD-4791-A971-EDA4F0C32A38",
"versionEndExcluding": "7.4.2g",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "404CA92A-BC25-42D7-96F8-30591370BF7B",
"versionEndExcluding": "8.1.2k",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "387750C5-34B6-49FA-8540-6CF4D26AB286",
"versionEndExcluding": "8.2.0_cbn3",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E3639FD-394B-42E2-861C-3BD355CE58A4",
"versionEndExcluding": "8.2.1e",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A75FE20-2D64-4414-9CB2-7839E95BBC7A",
"versionEndExcluding": "8.2.2a1",
"versionStartIncluding": "8.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03504386-654D-47A0-B406-A94B0EE5D351",
"versionEndExcluding": "8.2.2c",
"versionStartIncluding": "8.2.2b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de l\u00ednea de comandos en Brocade Fabric OS antes de Brocade Fabric OS versiones v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, podr\u00eda permitir a un atacante autenticado local modificar las variables de shell, lo que puede conllevar a una escalada de privilegios o una omisi\u00f3n del registro"
}
],
"id": "CVE-2020-15372",
"lastModified": "2024-11-21T05:05:26.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.657",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-913"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-03 21:29
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@brocade.com | https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733 | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servicio proxy de las versiones de Brocade Fabric OS anteriores a 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d podr\u00eda permitir a los atacantes remotos no autenticados obtener informaci\u00f3n sensible y posiblemente provocar un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-6440",
"lastModified": "2024-11-21T04:10:41.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-03T21:29:00.273",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-733"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-08 22:29
Modified
2024-11-21 03:29
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 8.0.2 | |
| broadcom | fabric_operating_system | 8.1.1 | |
| brocade | fabric_os | 8.0.1b1 | |
| brocade | fabric_os | 8.0.2b1 | |
| brocade | fabric_os | 8.1.0c1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E80B46F5-ED68-4AA1-BB45-14CCE854385D",
"versionEndExcluding": "7.4.2b",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9EBAFF-2358-4EEC-9E83-EBCAC8805414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79418EEC-72C2-4A85-97CE-7B472E9AAF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:brocade:fabric_os:8.0.1b1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC5AF95-9000-4787-8528-1B9B076C4E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:brocade:fabric_os:8.0.2b1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DA1CFC-AFF3-421F-90CD-61BA8DF01796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:brocade:fabric_os:8.1.0c1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE33C2-6513-4FF1-8094-85E9175B8A02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de gesti\u00f3n web de productos Brocade Fibre Channel SAN que ejecutan Brocade Fabric OS (FOS) en versiones anteriores a la 7.4.2b, 8.1.2 y la 8.2.0 podr\u00eda permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario o accedan a informaci\u00f3n sensible del navegador."
}
],
"id": "CVE-2017-6225",
"lastModified": "2024-11-21T03:29:18.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-08T22:29:00.207",
"references": [
{
"source": "sirt@brocade.com",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
},
{
"source": "sirt@brocade.com",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03851en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-21 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B36104-09A7-4687-8389-14B7F0CD8EAB",
"versionEndExcluding": "7.4.1d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78437081-AF0F-45B1-A7C5-3E9CD1016952",
"versionEndExcluding": "8.0.1b",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the \u201cuser\u201d or \u201cfactory\u201d account, to read the contents of any file on the filesystem utilizing one of a few available binaries."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v8.0.1b, v7.4.1d podr\u00eda permitir a un atacante autenticado dentro del entorno de shell restringido (rbash) como cuenta \"user\" o \"factory\", leer el contenido de cualquier archivo del sistema de archivos utilizando uno de los pocos binarios disponibles"
}
],
"id": "CVE-2021-27796",
"lastModified": "2024-11-21T05:58:35.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-21T18:15:08.407",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1721"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-12 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "942EE264-4FE0-45C7-A111-0137C18C3962",
"versionEndExcluding": "7.4.2h",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61DD246D-373A-4035-814B-6961A1AEF2A9",
"versionEndExcluding": "8.2.0_cbn4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32439844-2E32-49D9-9584-F24DF1E4B053",
"versionEndExcluding": "8.2.3",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F",
"versionEndExcluding": "9.0.1a",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account."
},
{
"lang": "es",
"value": "El comando ipfilter en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v.9.0.1a, v8.2.3, y v8.2.0_CBN4, y v7.4.2h, usa una funci\u00f3n de cadena no segura para procesar la entrada del usuario. Unos atacantes autenticados pueden abusar de esta vulnerabilidad para explotar unos desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria, permitiendo una ejecuci\u00f3n de c\u00f3digo arbitrario como la cuenta de usuario root."
}
],
"id": "CVE-2021-27790",
"lastModified": "2024-11-21T05:58:34.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-12T15:15:07.697",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-01 22:15
Modified
2024-11-21 08:01
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F75FABE1-3E2C-43CE-8C5A-0F313F09E2C4",
"versionEndExcluding": "8.2.3d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91FB969C-FA9A-4007-849A-7120543BC5E1",
"versionEndExcluding": "9.1.1c",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nThe Brocade Fabric OS Commands \u201cconfigupload\u201d and \u201cconfigdownload\u201d before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Los comandos de Brocade Fabric OS \"configupload\" y \"configdownload\" anteriores a Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 imprimen las contrase\u00f1as de los servidores scp, sftp y ftp en supportsave. Esto podr\u00eda permitir a un atacante remoto autenticado acceder a informaci\u00f3n sensible."
}
],
"id": "CVE-2023-31426",
"lastModified": "2024-11-21T08:01:50.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-01T22:15:13.597",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 14:29
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el comando de exportaci\u00f3n secryptocfg de las versiones de Brocade Fabric OS anteriores a la 8.2.1, 8.1.2f, 8.0.2f y 7.4.2d podr\u00eda permitir a un atacante local omitir las restricciones de acceso a los archivos de exportaci\u00f3n e iniciar una copia de los archivos desde el origen a un sistema remoto."
}
],
"id": "CVE-2018-6433",
"lastModified": "2024-11-21T04:10:40.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T14:29:00.617",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-728"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-08 22:29
Modified
2024-11-21 03:29
Severity ?
Summary
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 8.0.0 | |
| broadcom | fabric_operating_system | 8.0.1 | |
| broadcom | fabric_operating_system | 8.0.2 | |
| broadcom | fabric_operating_system | 8.1.0 | |
| broadcom | fabric_operating_system | 8.1.1 | |
| broadcom | fabric_operating_system | 8.1.2 | |
| brocade | fabric_os | 8.0.2b2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E80B46F5-ED68-4AA1-BB45-14CCE854385D",
"versionEndExcluding": "7.4.2b",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A234DD0C-6C62-4A5E-B093-14F54710C2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA532CBE-FCAF-4AE7-9A39-808864223E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9EBAFF-2358-4EEC-9E83-EBCAC8805414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7727C720-11C5-48DA-B604-6D296B0A9521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79418EEC-72C2-4A85-97CE-7B472E9AAF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E064A2B0-8316-4192-A319-81778BE7923C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:brocade:fabric_os:8.0.2b2:*:*:*:*:*:*:*",
"matchCriteriaId": "C315549C-5ABE-4EC5-AF7C-741AD70E2112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la pila IPv6 de productos Brocade Fibre Channel SAN que ejecutan versiones de Brocade Fabric OS (FOS) anteriores a la 7.4.2b, 8.1.2 y 8.2.0 podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (consumo de CPU y bloqueo del dispositivo) enviando mensajes Router Advertisement (RA) manipulados a un sistema objetivo."
}
],
"id": "CVE-2017-6227",
"lastModified": "2024-11-21T03:29:18.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-08T22:29:00.270",
"references": [
{
"source": "sirt@brocade.com",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-21 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90907017-473C-48CA-9441-DAFAF5F81049",
"versionEndIncluding": "1.1.1f",
"versionStartIncluding": "1.1.1d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:12.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD7E6AC-A613-4938-91D1-402DA2038875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F87918FE-62C0-4DC5-8894-847DFB5B7E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C5EC81-F74A-4280-A041-EC5EE36D0919",
"versionEndIncluding": "5.6.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A68EF8-15AA-42A7-9734-6F9470EB35CD",
"versionEndIncluding": "5.7.30",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1A3769-E443-4511-B349-B5304F5E6EBD",
"versionEndIncluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F198EB3-A3AB-42EA-BF3A-D8BB4D9210EE",
"versionEndIncluding": "8.0.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A3BBE71-CA00-4F54-9210-FC7572C87CFB",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73573516-EDA0-4176-A3ED-2F7006C87F8E",
"versionEndIncluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E07B577-50FE-43B4-8AAD-4C267A494A36",
"versionEndIncluding": "8.0.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jdedwards:enterpriseone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4475E9-FF6F-4B94-8989-D8E2EB69F782",
"versionEndExcluding": "9.2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACF85D6-6B45-43DA-9C01-F0208186F014",
"versionEndExcluding": "6.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
},
{
"lang": "es",
"value": "Las aplicaciones de Servidor o Cliente que llaman a la funci\u00f3n SSL_check_chain() durante o despu\u00e9s del protocolo de enlace de TLS versi\u00f3n 1.3, puede bloquear debido a una desreferencia del puntero NULL como resultado de un manejo incorrecto de la extensi\u00f3n TLS \"signature_algorithms_cert\". El bloqueo ocurre si se recibe un algoritmo de firma no comprobada o ni reconocido del peer. Esto podr\u00eda ser explotado por un peer malicioso en un ataque de Denegaci\u00f3n de Servicio. OpenSSL versiones 1.1.1d, 1.1.1e y 1.1.1f est\u00e1n afectadas por este problema. Este problema no afectaba a OpenSSL versiones anteriores a la versi\u00f3n 1.1.1d. Corregido en OpenSSL versi\u00f3n 1.1.1g (Afectado en la versi\u00f3n 1.1.1d-1.1.1f)."
}
],
"id": "CVE-2020-1967",
"lastModified": "2024-11-21T05:11:45.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T14:15:11.287",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/May/5"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/irsl/CVE-2020-1967"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202004-10"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4661"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20200421.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-03"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-04"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/May/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/irsl/CVE-2020-1967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202004-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20200421.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-10"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 18:15
Modified
2024-11-21 04:39
Severity ?
Summary
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | service_processor | - | |
| broadcom | fabric_operating_system | - | |
| netapp | a250_firmware | - | |
| netapp | a250 | - | |
| netapp | 500f_firmware | - | |
| netapp | 500f | - | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D747200-4C8A-4BAE-9818-BD1458253D8F",
"versionEndIncluding": "2.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF32BB1-9A58-4821-AE49-5D5C8200631F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F21DE67F-CDFD-4D36-9967-633CD0240C6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read."
},
{
"lang": "es",
"value": "La funcionalidad iconv en la biblioteca GNU C (tambi\u00e9n se conoce como glibc o libc6) versiones hasta 2.32, cuando se procesan secuencias de entrada multibyte no v\u00e1lidas en la codificaci\u00f3n EUC-KR, puede tener una lectura excesiva del b\u00fafer."
}
],
"id": "CVE-2019-25013",
"lastModified": "2024-11-21T04:39:44.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T18:15:13.027",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
},
{
"source": "cve@mitre.org",
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 16:15
Modified
2024-11-21 04:30
Severity ?
Summary
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6DCC8F-C9A9-4607-8A12-7E453C455CE1",
"versionEndExcluding": "7.4.2f",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45C158D5-FD70-42DD-9F3B-97846F724E89",
"versionEndExcluding": "8.1.2j",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA53F87-F659-4F19-B794-9329071B9381",
"versionEndExcluding": "8.2.1d",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE5A077-1059-4D4C-B7DF-D49DB6C9B95B",
"versionEndExcluding": "8.2.2a",
"versionStartIncluding": "8.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a v7.4.2f, v8.2.2a, v8.1.2j y v8.2.1d, podr\u00edan exponer contrase\u00f1as externas, secretos comunes o claves de autenticaci\u00f3n usadas entre el switch y un servidor externo."
}
],
"id": "CVE-2019-16204",
"lastModified": "2024-11-21T04:30:16.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T16:15:10.833",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-12 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "942EE264-4FE0-45C7-A111-0137C18C3962",
"versionEndExcluding": "7.4.2h",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7114B4B6-6494-4296-A91D-92116C6312CB",
"versionEndExcluding": "8.2.3a",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F",
"versionEndExcluding": "9.0.1a",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot."
},
{
"lang": "es",
"value": "Las funciones de manejo de solicitudes en la interfaz de administraci\u00f3n web de las versiones del sistema operativo Brocade Fabric anteriores a las versiones v9.0.1a, v8.2.3a y v7.4.2h no manejan adecuadamente la entrada de usuario con formato incorrecto, lo que resulta en un bloqueo del servicio. Un atacante autenticado podr\u00eda usar esta debilidad para hacer que el controlador de la aplicaci\u00f3n HTTP de FOS se bloquee, requiriendo un reinicio."
}
],
"id": "CVE-2021-27792",
"lastModified": "2024-11-21T05:58:34.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-12T15:15:07.777",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1490"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-12 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "942EE264-4FE0-45C7-A111-0137C18C3962",
"versionEndExcluding": "7.4.2h",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7114B4B6-6494-4296-A91D-92116C6312CB",
"versionEndExcluding": "8.2.3a",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F",
"versionEndExcluding": "9.0.1a",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el mecanismo de autenticaci\u00f3n de las versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v.9.0.1a, v8.2.3a y v7.4.2h, pod\u00eda permitir a un usuario iniciar sesi\u00f3n con una contrase\u00f1a vac\u00eda y no v\u00e1lida mediante telnet, ssh y REST"
}
],
"id": "CVE-2021-27794",
"lastModified": "2024-11-21T05:58:34.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-12T15:15:07.857",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-09 15:15
Modified
2024-11-21 05:05
Severity ?
Summary
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 8.2.1 | |
| broadcom | fabric_operating_system | 8.2.1a | |
| broadcom | fabric_operating_system | 8.2.1b | |
| broadcom | fabric_operating_system | 8.2.1c | |
| broadcom | fabric_operating_system | 8.2.1d | |
| broadcom | fabric_operating_system | 8.2.2a1 | |
| broadcom | fabric_operating_system | 8.2.2b | |
| broadcom | fabric_operating_system | 8.2.2c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "017C502B-C9AA-41EF-BBE1-F34DAD9A21F4",
"versionEndExcluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*",
"matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CB0EA0-D553-4D17-867A-0DBD5D1F6764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic."
},
{
"lang": "es",
"value": "Una ejecuci\u00f3n de escaneos de seguridad contra el SAN switch puede causar a los procesos de configuraci\u00f3n y notificaci\u00f3n secundaria dentro de las versiones de firmware anteriores a Brocade Fabric OS v9.0.0, v8.2.2d y v8.2.1e, consumir toda la memoria, conllevando a impactos de denegaci\u00f3n de servicio que posiblemente incluyen un switch panic"
}
],
"id": "CVE-2020-15383",
"lastModified": "2024-11-21T05:05:27.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T15:15:08.107",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-07 14:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| redhat | enterprise_linux | 7.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | data_availability_services | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| broadcom | fabric_operating_system | - | |
| netapp | aff_a700s_firmware | - | |
| netapp | aff_a700s | - | |
| netapp | fas8300_firmware | - | |
| netapp | fas8300 | - | |
| netapp | fas8700_firmware | - | |
| netapp | fas8700 | - | |
| netapp | aff_a400_firmware | - | |
| netapp | aff_a400 | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49884052-E8FD-49E4-A9F3-D0964EB0AC31",
"versionEndExcluding": "4.4.180",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6AB36D-D9AC-4381-88AF-CC4FDA5EC98E",
"versionEndExcluding": "4.9.172",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3562ABD-4F11-4BD1-9BBD-417B7BC9BCF3",
"versionEndExcluding": "4.14.115",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48FBE002-61C1-4569-B850-E15BD2DBA143",
"versionEndExcluding": "4.19.38",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C23FEFDF-76B5-46C0-9481-CE70EBDB7BFE",
"versionEndExcluding": "5.0.11",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2258D313-BAF7-482D-98E0-79F2A448287B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1578A37C-C7CC-4B36-8668-6A1AED63B0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "49BD6839-AB64-48DA-9D1D-18B4508AF652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A1E5129A-F85C-432A-988D-6C3ED03EC04D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "0669A9F1-3BFF-4E5A-BEF7-9F2A627CEF03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "9CC18FCC-3F69-4A7E-9F29-4C4504E83B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*",
"matchCriteriaId": "12A5D914-5CEB-4D3F-A903-6F1FAD82A125",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
"versionEndIncluding": "11.60.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89706810-031B-49F0-B353-FD27FD7B2776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD1E822-1EA6-4E62-A58B-2378149D20DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo net/ipv4/sysctl_net_ipv4.c en el kernel de Linux versiones anteriores a 5.0.11. Se presenta un desbordamiento de enteros firmado del archivo net/ipv4/tcp_input.c en la funci\u00f3n tcp_ack_update_rtt() cuando el espacio de usuario escribe un entero muy grande en /proc/sys/net/ipv4/tcp_min_rtt_wlen, lo que conlleva a una denegaci\u00f3n de servicio o posiblemente a otro impacto no especificado, tambi\u00e9n se conoce como CID -19fad20d15a6."
}
],
"id": "CVE-2019-18805",
"lastModified": "2024-11-21T04:33:36.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-07T14:15:11.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 05:05
Severity ?
Summary
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | 8.2.1 | |
| broadcom | fabric_operating_system | 8.2.1a | |
| broadcom | fabric_operating_system | 8.2.1b | |
| broadcom | fabric_operating_system | 8.2.1c | |
| broadcom | fabric_operating_system | 8.2.1d | |
| broadcom | fabric_operating_system | 8.2.2 | |
| broadcom | fabric_operating_system | 8.2.2a | |
| broadcom | fabric_operating_system | 8.2.2a1 | |
| broadcom | fabric_operating_system | 8.2.2b | |
| broadcom | fabric_operating_system | 8.2.2c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B244FB24-0767-4DC4-9988-ED8C5D9D9A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA4E8C-F140-4E39-9A6F-7883F2822499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*",
"matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CB0EA0-D553-4D17-867A-0DBD5D1F6764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input."
},
{
"lang": "es",
"value": "La API Rest en Brocade Fabric OS versiones v8.2.1 hasta v8.2.1d y versiones 8.2.2 anteriores a v8.2.2c, es vulnerable a m\u00faltiples instancias de entrada reflejada"
}
],
"id": "CVE-2020-15374",
"lastModified": "2024-11-21T05:05:26.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.797",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 04:10
Severity ?
Summary
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B419E9E-A92F-4773-B64D-F6A9D595666E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09357B7C-2D5C-4C4C-A630-92E93A00F366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48535F1A-DDEA-4225-9592-7890E3CB7F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:5.0.5b:*:*:*:*:*:*:*",
"matchCriteriaId": "569C1E6A-AD15-460D-91B2-03ABDF79925A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D149E5D3-33E7-4904-975B-6FEBC5D0D120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:5.2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3BF2BB-6323-4EFA-A76B-6EAC79C5E784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "847D6D8A-9DC1-4FA5-A204-BBC5A319DE91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D67948-5C26-4CA3-BD1E-025AFF96AD97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1ECDF7-A972-4AFB-B6DB-BE81DE44E6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "C8237571-12FD-4871-9F30-3D0A9F956E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "916020DF-D1BC-4051-8492-88B4836CD91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0FD46-871D-4E19-89D6-B6BB73C2C315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9EF300-4DBC-4ECA-8A49-9A2D0027E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEAE07D-906E-4B7C-B577-14D15CFFB69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "8A589310-66AB-4D4F-A332-64E245AB1D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "F633FD3F-8224-4D96-BD0C-55EA218D4364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "656001D2-F17B-49C0-9F38-E84B5CE3E088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "9761DF12-141D-4109-805D-449B5495ACB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:7.4.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "DD207CDF-7BF9-4FBD-86C4-C24B66D219FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A234DD0C-6C62-4A5E-B093-14F54710C2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA532CBE-FCAF-4AE7-9A39-808864223E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "B31089DE-FCE6-4CE2-9175-DE852DA725BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "7C290579-59BF-4465-8D02-4A9154C3615D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9EBAFF-2358-4EEC-9E83-EBCAC8805414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "C9367275-F4B3-4BC1-BE50-00A9AFA84B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF2C554-5F8A-401F-8E0B-C686EE644CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "17139A37-3F57-4063-ADD4-FFF6813C0A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC5B110-36D5-4311-A4C2-E23CFC46F527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "08E5445F-89A9-4C9E-8F46-19F1279ED363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7727C720-11C5-48DA-B604-6D296B0A9521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "924F8C74-0EEC-4D77-AD24-8EFCD0FDF8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "68A9B3C1-2C1D-4D7D-BCFB-ECD1D78A9BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2277EA-698F-4874-BDEF-609AACE35C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79418EEC-72C2-4A85-97CE-7B472E9AAF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E9751-0A3F-44EC-8BF1-0192519B21D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E064A2B0-8316-4192-A319-81778BE7923C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA12D62-012C-4379-8DBC-F6439AFA56B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B419A050-C6B3-44A3-8C53-7CAA4FDA26E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "FB143EE1-4E8A-4ED5-B890-195686BF8F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "C5159821-59B6-47BC-B888-BE122D022980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD8C47B-ADDA-4863-85C7-DEACBEF3824F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7E1958-4EE9-443D-B648-B937C4A29478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2j:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7656E4-4F68-4B98-A682-13A1D13600EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB05F642-6396-4FBC-BF59-3C7D513FC022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "8E46B701-EF2B-4EF3-AE28-E6DC700F5B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B244FB24-0767-4DC4-9988-ED8C5D9D9A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA4E8C-F140-4E39-9A6F-7883F2822499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*",
"matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8758BE-527C-40EA-BFE6-848A1C87723F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user\u2019s session and take over the account."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo XSS Reflexivo en la Interfaz de Administraci\u00f3n HTTP en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g, podr\u00eda permitir a atacantes autenticados con acceso a la interfaz web secuestrar la sesi\u00f3n de un usuario y tomar el control de la cuenta"
}
],
"id": "CVE-2018-6447",
"lastModified": "2024-11-21T04:10:41.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.110",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1073"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "379DA47D-6B21-4524-B0E7-2A41A4C8D446",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with \u201cseccryptocfg\u201d, \u201cconfigupload\u201d."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, podr\u00eda permitir a un atacante local autenticado exportar archivos confidenciales con \"seccryptocfg\", \"configupload\""
}
],
"id": "CVE-2022-33180",
"lastModified": "2024-11-21T07:07:40.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.360",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0005/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-18 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@brocade.com | https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494 | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494 | Not Applicable, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882500CE-F924-45EF-B54F-D449527F1308",
"versionEndExcluding": "8.2.3a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F",
"versionEndExcluding": "9.0.1a",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program\u0027s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web de Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.1a y v8.2.3a, contiene declaraciones de depuraci\u00f3n que exponen informaci\u00f3n confidencial al dispositivo de salida est\u00e1ndar del programa. Un atacante que haya comprometido el sistema FOS puede usar esta debilidad para capturar informaci\u00f3n confidencial, como las credenciales de usuarios"
}
],
"id": "CVE-2021-27789",
"lastModified": "2024-11-21T05:58:34.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-18T18:15:11.520",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1494"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-31 01:15
Modified
2024-11-21 08:34
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
In
Brocade Fabric OS before v9.2.0a, a local authenticated privileged user
can trigger a buffer overflow condition, leading to a kernel panic with
large input to buffers in the portcfgfportbuffers command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE13EB8-68AA-4E11-80D3-48E88398A70D",
"versionEndExcluding": "9.2.0a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In\n Brocade Fabric OS before v9.2.0a, a local authenticated privileged user\n can trigger a buffer overflow condition, leading to a kernel panic with\n large input to buffers in the portcfgfportbuffers command.\n\n"
},
{
"lang": "es",
"value": "En Brocade Fabric OS antes de v9.2.0a, un usuario privilegiado autenticado localmente puede desencadenar una condici\u00f3n de desbordamiento de b\u00fafer, lo que lleva a un p\u00e1nico del kernel con una gran entrada a los b\u00faferes en el comando portcfgfportbuffers."
}
],
"id": "CVE-2023-4163",
"lastModified": "2024-11-21T08:34:31.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-31T01:15:09.190",
"references": [
{
"source": "sirt@brocade.com",
"url": "https://security.netapp.com/advisory/ntap-20231130-0001/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231130-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-09 17:15
Modified
2024-11-21 05:24
Severity ?
Summary
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | active_iq_unified_manager | - | |
| broadcom | fabric_operating_system | - | |
| netapp | solidfire_baseboard_management_controller_firmware | - | |
| netapp | solidfire_baseboard_management_controller | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | 8300_firmware | - | |
| netapp | 8300 | - | |
| netapp | 8700_firmware | - | |
| netapp | 8700 | - | |
| netapp | a400_firmware | - | |
| netapp | a400 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64B92439-A36E-4A51-B34C-52E926DB908E",
"versionEndIncluding": "5.9.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de inconsistencia de bloqueo en el subsistema tty del kernel de Linux versiones hasta 5.9.13. Los archivos drivers/tty/tty_io.c y drivers/tty/tty_jobctrl.c pueden permitir un ataque de lectura de la memoria previamente liberada contra TIOCGSID, tambi\u00e9n se conoce como CID-c8bcd9c5be24"
}
],
"id": "CVE-2020-29660",
"lastModified": "2024-11-21T05:24:22.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-09T17:15:31.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZ7OAKAEFAXQRGBZK4LYUWINCD3D2XCL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 14:15
Modified
2024-11-21 05:05
Severity ?
Summary
Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A234DD0C-6C62-4A5E-B093-14F54710C2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA532CBE-FCAF-4AE7-9A39-808864223E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "B31089DE-FCE6-4CE2-9175-DE852DA725BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "7C290579-59BF-4465-8D02-4A9154C3615D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9EBAFF-2358-4EEC-9E83-EBCAC8805414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "C9367275-F4B3-4BC1-BE50-00A9AFA84B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF2C554-5F8A-401F-8E0B-C686EE644CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "17139A37-3F57-4063-ADD4-FFF6813C0A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC5B110-36D5-4311-A4C2-E23CFC46F527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "08E5445F-89A9-4C9E-8F46-19F1279ED363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7727C720-11C5-48DA-B604-6D296B0A9521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "924F8C74-0EEC-4D77-AD24-8EFCD0FDF8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "68A9B3C1-2C1D-4D7D-BCFB-ECD1D78A9BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2277EA-698F-4874-BDEF-609AACE35C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79418EEC-72C2-4A85-97CE-7B472E9AAF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E9751-0A3F-44EC-8BF1-0192519B21D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E064A2B0-8316-4192-A319-81778BE7923C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA12D62-012C-4379-8DBC-F6439AFA56B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B419A050-C6B3-44A3-8C53-7CAA4FDA26E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "FB143EE1-4E8A-4ED5-B890-195686BF8F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "C5159821-59B6-47BC-B888-BE122D022980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD8C47B-ADDA-4863-85C7-DEACBEF3824F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7E1958-4EE9-443D-B648-B937C4A29478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.1.2j:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7656E4-4F68-4B98-A682-13A1D13600EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB05F642-6396-4FBC-BF59-3C7D513FC022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "8E46B701-EF2B-4EF3-AE28-E6DC700F5B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B244FB24-0767-4DC4-9988-ED8C5D9D9A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA4E8C-F140-4E39-9A6F-7883F2822499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*",
"matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contienen una inyecci\u00f3n de c\u00f3digo y una vulnerabilidad de escalada de privilegios"
}
],
"id": "CVE-2020-15371",
"lastModified": "2024-11-21T05:05:26.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T14:15:13.597",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1080"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-03 21:29
Modified
2024-11-21 04:10
Severity ?
Summary
A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el comando configdownload de la interfaz de l\u00ednea de comandos de Brocade Fabric OS en versiones anteriores a la 8.2.1, 8.1.2f, 8.0.2f y 7.4.2d podr\u00eda permitir que un atacante local escapa del shell restringido y obtener acceso root."
}
],
"id": "CVE-2018-6439",
"lastModified": "2024-11-21T04:10:40.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-03T21:29:00.227",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-01 23:15
Modified
2024-11-21 08:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "063BAB50-FB8B-4DA4-9DBD-430F3827185F",
"versionEndExcluding": "9.1.1c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nBrocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, \u201croot\u201d account access is disabled.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones de Brocade Fabric OS anteriores a Brocade Fabric OS v9.1.1c y v9.2.0 podr\u00edan permitir a un usuario local autenticado con conocimiento de los nombres de ruta completos dentro de Brocade Fabric OS ejecutar cualquier comando independientemente del privilegio asignado. A partir de Fabric OS v9.1.0, el acceso a la cuenta \"root\" est\u00e1 deshabilitado.\n"
}
],
"id": "CVE-2023-31427",
"lastModified": "2024-11-21T08:01:50.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-01T23:15:28.770",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22379"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "sirt@brocade.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-08 19:29
Modified
2024-11-21 04:10
Severity ?
Summary
A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92A8875-D708-46CC-9758-E94551C9E809",
"versionEndExcluding": "7.4.2d",
"versionStartIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200CBDE-6179-45B9-A21A-D66341095B94",
"versionEndExcluding": "8.0.2f",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5782411-927C-43DD-A7B2-E114402715E0",
"versionEndExcluding": "8.1.2f",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD800AD8-1792-4D0B-BE9C-FDCE1BF6BE31",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el comando supportsave de las versiones de la interfaz de l\u00ednea de comandos (CLI) de Brocade Fabric OS en versiones anteriores a la 8.2.1, 8.1.2f, 8.0.2f, 8.4.2f y 7.4.2d podr\u00eda permitir que un atacante local escape de la shell restringida y obtenga acceso root."
}
],
"id": "CVE-2018-6438",
"lastModified": "2024-11-21T04:10:40.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-08T19:29:02.630",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-731"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 21:15
Modified
2024-11-21 07:07
Severity ?
Summary
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFC3258-F76D-4FC7-993B-47E516F0C0FA",
"versionEndExcluding": "7.4.2j",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6AC152-58BC-4180-8C73-F1355FC621EC",
"versionEndExcluding": "8.2.3c",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903859B2-AA10-4D3C-90A4-0ECE35BF5B72",
"versionEndExcluding": "9.0.1e",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "379DA47D-6B21-4524-B0E7-2A41A4C8D446",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with \u201cset context\u201d and escalate privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c y 7.4.2j, podr\u00eda permitir a un usuario local autenticado salir de shells restringidos con \"set context\" y escalar privilegios"
}
],
"id": "CVE-2022-33179",
"lastModified": "2024-11-21T07:07:39.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T21:15:46.223",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0004/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-18 18:15
Modified
2024-11-21 05:05
Severity ?
Summary
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@brocade.com | https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493 | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493 | Not Applicable, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | * | |
| broadcom | fabric_operating_system | 8.2.0 | |
| broadcom | fabric_operating_system | 8.2.0 | |
| broadcom | fabric_operating_system | 8.2.0a | |
| broadcom | fabric_operating_system | 8.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "942EE264-4FE0-45C7-A111-0137C18C3962",
"versionEndExcluding": "7.4.2h",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F",
"versionEndExcluding": "9.0.1a",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB05F642-6396-4FBC-BF59-3C7D513FC022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.0:cbn3:*:*:*:*:*:*",
"matchCriteriaId": "34493FD4-A77E-441E-BE4D-F10FE625DE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "8E46B701-EF2B-4EF3-AE28-E6DC700F5B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8758BE-527C-40EA-BFE6-848A1C87723F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Brocade Fabric OS antes de Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4 y v7.4.2h podr\u00eda permitir a un usuario autenticado de la CLI abusar del comando history para escribir contenido arbitrario en archivos"
}
],
"id": "CVE-2020-15388",
"lastModified": "2024-11-21T05:05:27.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-18T18:15:08.943",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-04 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| brocade | silkworm | 3200 | |
| brocade | silkworm | 3250 | |
| brocade | silkworm | 3800 | |
| brocade | silkworm | 3850 | |
| brocade | silkworm | 3900 | |
| brocade | silkworm_fiber_channel_switch | 2010 | |
| brocade | silkworm_fiber_channel_switch | 2040 | |
| brocade | silkworm_fiber_channel_switch | 2050 | |
| engenio | storage_controller | 2822 | |
| engenio | storage_controller | 2882 | |
| engenio | storage_controller | 4884 | |
| engenio | storage_controller | 5884 | |
| ibm | ds4100 | * | |
| storagetek | d280 | * | |
| broadcom | fabric_operating_system | 2.1.2 | |
| broadcom | fabric_operating_system | 2.2 | |
| broadcom | fabric_operating_system | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:brocade:silkworm:3200:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF1ED4B-1AEF-4EA4-B97E-A959C0FB9BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3250:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0787B5-F7D2-4F3B-91B7-D63FC8EC93D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3800:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE6F784-D1CA-4545-B5A4-104904A67CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3850:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A67E41-67F1-46BC-97F0-04859F188609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3900:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3F08A6-0928-4654-8AC5-45EA7FB1C397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "8ABE8C25-072D-4444-9C70-CFBA055603B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2040:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DCB605-E91E-4F9A-99FF-82E7FF3DEE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2050:*:*:*:*:*:*:*",
"matchCriteriaId": "260CD57E-6A9D-4507-A3CE-385E6D67AB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:2822:*:*:*:*:*:*:*",
"matchCriteriaId": "31B1F6AA-6AF8-4D36-9E17-37EA7B8EAAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:2882:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC140B1-6C03-4DF7-8B3D-BA23BDA91614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:4884:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F6F87E-31C4-4A6C-81C0-DEB055341C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:5884:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BCE31D-1E12-48D5-94DF-A650975A292C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:storagetek:d280:*:*:*:*:*:*:*:*",
"matchCriteriaId": "353AFDAB-9369-4FC2-81EC-1CE5ACB418C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B419E9E-A92F-4773-B64D-F6A9D595666E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09357B7C-2D5C-4C4C-A630-92E93A00F366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48535F1A-DDEA-4225-9592-7890E3CB7F64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
],
"id": "CVE-2004-1663",
"lastModified": "2024-11-20T23:51:26.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12464"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-09 16:15
Modified
2024-11-21 05:05
Severity ?
Summary
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | fabric_operating_system | 8.2.3 | |
| broadcom | fabric_operating_system | 9.0.0a | |
| broadcom | fabric_operating_system | 9.0.0b | |
| broadcom | fabric_operating_system | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8758BE-527C-40EA-BFE6-848A1C87723F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.0.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "194BFCDA-1FBD-4082-9792-A3F0C72CDA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "21C4BCF7-4B42-4D32-B9CF-FBC5C882F08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AAD9957-CACE-472A-86F5-144AEA651948",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations."
},
{
"lang": "es",
"value": "Brocade Fabric OS versiones anteriores a v9.0.1a y 8.2.3a y posteriores a v9.0.0 y 8.2.2d, puede observar una alta carga de la CPU durante un escaneo de seguridad, lo que podr\u00eda conllevar una respuesta m\u00e1s lenta a los comandos CLI y otras operaciones"
}
],
"id": "CVE-2020-15386",
"lastModified": "2024-11-21T05:05:27.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T16:15:08.270",
"references": [
{
"source": "sirt@brocade.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "sirt@brocade.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210819-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1495"
}
],
"sourceIdentifier": "sirt@brocade.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}