CVE-2020-15387 — Inadequate Encryption Strength in Brocade Sannav

CWE-326 — Inadequate Encryption Strength3 documents3 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 68.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brocade Sannav Broadcom Fabric Operating System

Timeline

PublishedJun 9

Latest updateMay 24

Description

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶NVDbroadcom/brocade_sannav< 2.1.1

▶NVDbroadcom/fabric_operating_system8.2.0 — 8.2.1+11

🔴Vulnerability Details

GHSA

GHSA-wv2h-444w-8xv6: The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7↗2022-05-24

▶

CVEList

CVE-2020-15387: The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7↗2021-06-09

▶