Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM37867C53B00EE5E25F7728E3883F07C1A5873285958B29BFCA56185F0BAE581A
HistoryFeb 28, 2023 - 1:48 a.m.

Security Bulletin: IBM b-type SAN directors and switches is affected by privilege escalation vulnerability (CVE-2016-8202).

2023-02-2801:48:51
www.ibm.com
30
ibm b-type
san directors
switches
privilege escalation
vulnerability
brocade fabric os
cve-2016-8202
fos 7.x
fos 8.x
remediation
fix

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.3%

JSON

Summary

IBM b-type SAN directors and switches has addressed the privilege escalation vulnerability (CVE-2016-8202).

Vulnerability Details

CVEID:CVE-2016-8202**
DESCRIPTION: *Brocade Fabric OS could allow a remote authenticated attacker to gain elevated privileges on the system. By sending specially-crafted commands and parameters on the command line interface, an attacker could exploit this vulnerability to gain privileges on the system.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125666 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected IBM b-type Directors and switches

|

Affected Versions

—|—
FOS| FOS 7.X versions Prior to 7.4.1d
FOS| FOS 8.X versions Prior to 8.0.1b

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
FOS| 7.4.1d| <http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003855&gt;
FOS| 8.0.1b| <http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577&gt;

Workarounds and Mitigations

NA

Affected configurations

Vulners
Node
ibmstorage_protectMatchany
OR
ibmibm_san24b_series_switches_6.2.2gMatchany
OR
ibmibm_san24b_series_switches_6.2.2gMatchany
OR
ibmstorage_protectMatchany
OR
ibmstorage_protectMatchany
OR
ibmsan384b_fabric_backbone_\(2499-192\)Matchany
OR
ibmsan06b-r_\(2498-r06\)Matchany
OR
ibmscale_out_network_attached_storageMatchany
OR
ibmstorage_protectMatchany
OR
ibmsystem_networking_switch_centerMatchany
OR
ibmsan768b_fabric_backbone_\(2499-384\)Matchany
OR
ibmscale_out_network_attached_storageMatchany

Related

cve 1
lenovo 2
prion 1
ibm 1
cvelist 1
nvd 1
cve
cve
CVE-2016-8202
2017-05-08 18:29:00
lenovo
lenovo
Brocade Fibre Channel SAN Privilege Escalation - us
2017-06-07 00:00:00
Brocade Fibre Channel SAN Privilege Escalation - Lenovo Support US
2017-06-07 00:00:00
prion
prion
Privilege escalation
2017-05-08 18:29:00
ibm
ibm
Security Bulletin: A privilege escalation vulnerability affects Brocade Fibre Channel SAN products IBM Flex System FC5022 16Gb SAN Scalable Switch and Fabric OS firmware for Brocade 8Gb SAN Switch Module for IBM BladeCenter (CVE-2016-8202)
2019-01-31 02:25:02
cvelist
cvelist
CVE-2016-8202
2017-05-08 18:00:00
nvd
nvd
CVE-2016-8202
2017-05-08 18:29:00

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.3%

JSON
Related for 37867C53B00EE5E25F7728E3883F07C1A5873285958B29BFCA56185F0BAE581A
cve1lenovo2prion1ibm1cvelist1nvd1