CVE-2020-15375 — Improper Input Validation in Fabric Operating System

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 84.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedDec 11

Latest updateMay 24

Description

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g

▶NVDbroadcom/fabric_operating_system8.0.0 — 8.1.2k+4

🔴Vulnerability Details

GHSA

GHSA-3255-v6mp-wmgf: Brocade Fabric OS versions before v9↗2022-05-24

▶

CVEList

CVE-2020-15375: Brocade Fabric OS versions before v9↗2020-12-11

▶