Search...

CVE-2019-16204

2020-02-05T16:15:00

ID CVE-2019-16204
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

JSON Vulners Source

Initial Source

{"id": "CVE-2019-16204", "bulletinFamily": "NVD", "title": "CVE-2019-16204", "description": "Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.", "published": "2020-02-05T16:15:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16204", "reporter": "cve@mitre.org", "references": ["https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-905", "https://security.netapp.com/advisory/ntap-20200511-0007/"], "cvelist": ["CVE-2019-16204"], "type": "cve", "lastseen": "2020-12-09T21:41:45", "edition": 9, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "lenovo", "idList": ["LENOVO:PS500308-BROCADE-FABRIC-OS-VULNERABILITY-NOSID", "LENOVO:PS500308-NOSID"]}], "modified": "2020-12-09T21:41:45", "rev": 2}, "score": {"value": 3.5, "vector": "NONE", "modified": "2020-12-09T21:41:45", "rev": 2}, "vulnersScore": 3.5}, "cpe": [], "affectedSoftware": [{"cpeName": "brocade:fabric_os", "name": "brocade fabric os", "operator": "lt", "version": "8.1.2j"}, {"cpeName": "brocade:fabric_os", "name": "brocade fabric os", "operator": "lt", "version": "7.4.2f"}, {"cpeName": "brocade:fabric_os", "name": "brocade fabric os", "operator": "lt", "version": "8.2.2a"}, {"cpeName": "brocade:fabric_os", "name": "brocade fabric os", "operator": "lt", "version": "8.2.1d"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-532"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.2.1d:*:*:*:*:*:*:*", "versionEndExcluding": "8.2.1d", "versionStartIncluding": "8.2.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.2.2a:*:*:*:*:*:*:*", "versionEndExcluding": "8.2.2a", "versionStartIncluding": "8.2.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:brocade:fabric_os:7.4.2f:*:*:*:*:*:*:*", "versionEndExcluding": "7.4.2f", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:brocade:fabric_os:8.1.2j:*:*:*:*:*:*:*", "versionEndExcluding": "8.1.2j", "versionStartIncluding": "8.1.2", "vulnerable": true}], "operator": "OR"}]}}

{"lenovo": [{"lastseen": "2020-10-14T09:02:20", "bulletinFamily": "info", "cvelist": ["CVE-2019-16204"], "description": "**Lenovo Security Advisory:** LEN-30367\n\n**Potential Impact**: Information Disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2019-16204\n\n**Summary Description: **\n\nBrocade has released software security updates for Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d. The updates address vulnerabilities which could expose external passwords, common secrets or authentication keys used between the switch and an external server. \n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nBrocade recommends upgrading to Brocade Fabric OS versions v7.4.2f, v8.2.2a, v8.1.2j, and v8.2.1d or higher as applicable.\n", "edition": 53, "modified": "2020-02-11T22:23:54", "published": "2020-02-09T03:32:47", "id": "LENOVO:PS500308-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500308", "title": "Brocade Fabric OS Vulnerability - Lenovo Support US", "type": "lenovo", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-21T07:27:01", "bulletinFamily": "info", "cvelist": ["CVE-2019-16204"], "description": "**Lenovo Security Advisory:** LEN-30367\n\n**Potential Impact**: Information Disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2019-16204\n\n**Summary Description: **\n\nBrocade has released software security updates for Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d. The updates address vulnerabilities which could expose external passwords, common secrets or authentication keys used between the switch and an external server. \n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nBrocade recommends upgrading to Brocade Fabric OS versions v7.4.2f, v8.2.2a, v8.1.2j, and v8.2.1d or higher as applicable.\n", "edition": 31, "modified": "2020-02-11T22:23:54", "published": "2020-02-09T03:32:47", "id": "LENOVO:PS500308-BROCADE-FABRIC-OS-VULNERABILITY-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500308-brocade-fabric-os-vulnerability", "title": "Brocade Fabric OS Vulnerability - Lenovo Support US", "type": "lenovo", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}