CVE-2021-27797Hard-coded Credentials in Fabric Operating System

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 47.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Fabric Operating SystemBrocade Fabric OS
Timeline
PublishedFeb 21
Latest updateFeb 22

Description

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5brocade/brocade_fabric_osBrocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x
NVDbroadcom/fabric_operating_system8.1.28.1.2h+3

🔴Vulnerability Details

2
GHSA
GHSA-8p54-mp5c-w59g: Brocade Fabric OS before Brocade Fabric OS v82022-02-22
CVEList
CVE-2021-27797: Brocade Fabric OS before Brocade Fabric OS v82022-02-21
CVE-2021-27797 — Hard-coded Credentials | cvebase