CVE-2021-27790 — Out-of-bounds Write in Fabric Operating System

CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 84.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedAug 12

Latest updateMay 24

Description

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h

▶NVDbroadcom/fabric_operating_system8.0.0 — 8.2.0_cbn4+3

🔴Vulnerability Details

GHSA

GHSA-qp38-g7j8-6pgx: The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v↗2022-05-24

▶

CVEList

CVE-2021-27790: The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v↗2021-08-12

▶