CVE-2021-27798 — Path Traversal in Fabric OS

CWE-22 — Path Traversal3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 73.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Brocade Fabric OS Broadcom Fabric Operating System

Timeline

PublishedAug 5

Latest updateAug 6

Description

A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions 7.4.1.x and 7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life published report.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5brocade/brocade_fabric_osBrocade Fabric OS 7.4.1b, and 7.3.1d.

▶NVDbroadcom/fabric_operating_system7.3.1d, 7.4.1b+1

🔴Vulnerability Details

GHSA

GHSA-3w97-9v6v-7c57: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7↗2022-08-06

▶

CVEList

privileged directory transversal.in Brocade Fabric OS versions 7.4.1.x and 7.3.x↗2022-08-05

▶