Brocade Fabric Os vulnerabilities

CVE-2021-27796 [MEDIUM] CVE-2021-27796: A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8 A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.

CVE-2021-27790 [HIGH] CVE-2021-27790: The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

CVE-2021-27792 [HIGH] CVE-2021-27792: The request handling functions in web management interface of Brocade Fabric OS versions before v9 The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

CVE-2021-27794 [HIGH] CVE-2021-27794: A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

CVE-2021-27793 [MEDIUM] CVE-2021-27793: ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9 ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

CVE-2021-27791 [MEDIUM] CVE-2021-27791: The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker coul

CVE-2020-15383 [HIGH] CVE-2020-15383: Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9 Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

CVE-2020-15386 [MEDIUM] CVE-2020-15386: Brocade Fabric OS prior to v9 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

CVE-2020-15375 [MEDIUM] CVE-2020-15375: Brocade Fabric OS versions before v9 Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.

CVE-2020-15376 [MEDIUM] CVE-2020-15376: Brocade Fabric OS versions before v9 Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

CVE-2020-15374 [CRITICAL] CVE-2020-15374: Rest API in Brocade Fabric OS v8 Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

CVE-2020-15371 [CRITICAL] CVE-2020-15371: Brocade Fabric OS versions before Brocade Fabric OS v9 Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

CVE-2020-15373 [CRITICAL] CVE-2020-15373: Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8 Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

CVE-2018-6448 [HIGH] CVE-2018-6448: A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9 A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

CVE-2020-15369 [HIGH] CVE-2020-15369: Supportlink CLI in Brocade Fabric OS Versions v8 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

CVE-2018-6447 [MEDIUM] CVE-2018-6447: A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9 A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.

CVE-2020-15372 [MEDIUM] CVE-2020-15372: A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8 A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.

CVE-2020-15370 [MEDIUM] CVE-2020-15370: Brocade Fabric OS versions before Brocade Fabric OS v7 Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

CVE-2018-6449 [MEDIUM] CVE-2018-6449: Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9 Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers

CVE-2019-16204 [HIGH] CWE-532 CVE-2019-16204: Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwo Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.