CVE-2021-27792Improper Input Validation in Fabric Operating System

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Fabric Operating SystemBrocade Fabric OS
Timeline
PublishedAug 12
Latest updateMay 24

Description

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions before v9.0.1a, and v8.2.3a, and v7.4.2h
NVDbroadcom/fabric_operating_system8.0.08.2.3a+2

🔴Vulnerability Details

2
GHSA
GHSA-v38r-g8mp-wm8f: The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v2022-05-24
CVEList
CVE-2021-27792: The request handling functions in web management interface of Brocade Fabric OS versions before v92021-08-12
CVE-2021-27792 — Improper Input Validation | cvebase