CVE-2021-27791
published 2021-08-12

Priority: P4, 34, medium
CVSS 3.1: 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
EPSS: 0.60% (44.4th percentile)

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
broadcom | fabric_operating_system | >= 8.2.1 < 8.2.3a | 8.2.3a
broadcom | fabric_operating_system | >= 9.0.0 < 9.0.1a | 9.0.1a

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N