CVE-2020-15369 — Weak Password Requirements in Fabric OS

CWE-521 — Weak Password Requirements3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 55.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Brocade Fabric OS Broadcom Fabric Operating System

Timeline

PublishedSep 25

Latest updateMay 24

Description

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c

▶NVDbroadcom/fabric_operating_system9 versions+8

🔴Vulnerability Details

GHSA

GHSA-2gvj-wc75-xpj8: Supportlink CLI in Brocade Fabric OS Versions v8↗2022-05-24

▶

CVEList

CVE-2020-15369: Supportlink CLI in Brocade Fabric OS Versions v8↗2020-09-25

▶