CVE-2020-15372 — Improper Control of Dynamically-Managed Code Resources in Fabric Operating System

CWE-913 — Improper Control of Dynamically-Managed Code Resources3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 78.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedSep 25

Latest updateMay 24

Description

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0

▶NVDbroadcom/fabric_operating_system8.0.0 — 8.1.2k+5

🔴Vulnerability Details

GHSA

GHSA-q358-8xv4-rg52: A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8↗2022-05-24

▶

CVEList

CVE-2020-15372: A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8↗2020-09-25

▶