CVE-2021-27796 — Fabric Operating System vulnerability

3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 45.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Fabric Operating System Brocade Fabric OS

Timeline

PublishedFeb 21

Latest updateFeb 22

Description

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d

▶NVDbroadcom/fabric_operating_system8.0.0 — 8.0.1b+1

🔴Vulnerability Details

GHSA

GHSA-gh9w-mq5f-6242: A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8↗2022-02-22

▶

CVEList

CVE-2021-27796: A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8↗2022-02-21

▶