CVE-2020-15383 — Uncontrolled Resource Consumption in Fabric Operating System

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedJun 9

Latest updateMay 24

Description

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions before v9.0.0, v8.2.2d, and v8.2.1e

▶NVDbroadcom/fabric_operating_system< 8.2.1+8

🔴Vulnerability Details

GHSA

GHSA-69gq-36mp-5w52: Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9↗2022-05-24

▶

CVEList

CVE-2020-15383: Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9↗2021-06-09

▶