CVE-2021-27791: Out-of-bounds Read in Fabric Operating System

Severity
5.4 MEDIUM (NVD)
EPSS
0.4%
top 41.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 12
Latest update: May 24

Description

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5: brocade/brocade_fabric_os: Brocade Fabric OS before Brocade Fabric OS v9.0.1a and v8.2.3a
NVD: broadcom/fabric_operating_system: 8.2.1 8.2.3a +1

Vulnerability Details (2)

GHSA
GHSA-vg73-mjx3-8p9g (2022-05-24): The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9
CVEList
CVE-2021-27791 (2021-08-12): The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9
CVE-2021-27791 — Out-of-bounds Read | cvebase