CVE-2020-15371 — Code Injection in Fabric OS

CWE-94 — Code Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 31.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Brocade Fabric OS Broadcom Fabric Operating System

Timeline

PublishedSep 25

Latest updateMay 24

Description

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions after v8.0.0 and before Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3.

▶NVDbroadcom/fabric_operating_system35 versions+34

🔴Vulnerability Details

GHSA

GHSA-83wr-vr8p-fw3c: Brocade Fabric OS versions before Brocade Fabric OS v9↗2022-05-24

▶

CVEList

CVE-2020-15371: Brocade Fabric OS versions before Brocade Fabric OS v9↗2020-09-25

▶