CVE-2021-27791
Published: 2021-08-12
Priority: P4 | 34 | medium | 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.60% (44.4th percentile)
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | fabric_operating_system | >= 8.2.1 < 8.2.3a | 8.2.3a |
| broadcom | fabric_operating_system | >= 9.0.0 < 9.0.1a | 9.0.1a |
CVSS provenance
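| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |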
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://security.netapp.com/advisory/ntap-20210819-0002/
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491