CVE-2020-15376 — Incorrect Authorization in Fabric Operating System

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedDec 11

Latest updateMay 24

Description

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions before v9.0.0 and after version v8.1.0

▶NVDbroadcom/fabric_operating_system8.1.0 — 9.0.0

🔴Vulnerability Details

GHSA

GHSA-8xrx-q7v8-89j4: Brocade Fabric OS versions before v9↗2022-05-24

▶

CVEList

CVE-2020-15376: Brocade Fabric OS versions before v9↗2020-12-11

▶