Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBB78717D0533DBE41202EF8A1FD309D2301BD93987C9D1AC7B824949662A2DD4
HistoryDec 07, 2023 - 10:31 p.m.

Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in Brocade Fabric OS (CVE-2017-6225 CVE-2017-6227)

2023-12-0722:31:02
www.ibm.com
12
ibm flex system
brocade fabric os
vulnerabilities
cross-site scripting
denial of service
firmware fix

0.003 Low

EPSS

Percentile

66.0%

JSON

Summary

The following vulnerabilities in Brocade Fabric OS, allowing cross-site scripting (XSS) in the web-based management interface and denial of service caused by an adjacent attacker sending crafted Router Advertisement messages, have been addressed by IBM Flex System FC5022 16Gb SAN Scalable Switch.

Vulnerability Details

CVEID: CVE-2017-6225 DESCRIPTION: Brocade Fabric OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138944&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-6227 DESCRIPTION: Brocade Fabric OS is vulnerable to a denial of service, caused by a CPU consumption in the IPv6 stack. By sending-crafted Router Advertisement (RA) messages, a remote attacker could exploit this vulnerability to cause the device to hang.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138942&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Product

|

Affected Version

—|—

IBM Flex System FC5022 16Gb SAN Scalable Switch

|

8.0

Remediation/Fixes

Firmware fix versions are available on Fix Central: [http://www.ibm.com/support/fixcentral/](<http://www.ibm.com/support/fixcentral/ >)[ ](<http://www.ibm.com/support/fixcentral/ >)

Product

|

Fix Version

—|—

IBM Flex System FC5022 16Gb SAN Scalable Switch
(brcd_fw_bcsw_8.2.0_anyos_noarch)

|

8.2.0

Workarounds and Mitigations

None

CPENameOperatorVersion
pureflex system & flex systemeqany

Related

lenovo 2
prion 2
cvelist 2
ibm 2
cve 2
lenovo
lenovo
Brocade Fabric OS Vulnerabilities - Lenovo Support US
2018-03-21 21:29:00
Brocade Fabric OS Vulnerabilities - US
2018-03-21 21:29:00
prion
prion
Cross site scripting
2018-02-08 22:29:00
Race condition
2018-02-08 22:29:00
cvelist
cvelist
CVE-2017-6225
2018-01-31 00:00:00
CVE-2017-6227
2018-01-31 00:00:00
ibm
ibm
Security Bulletin: IBM b-type SAN switches and directors affected by XSS vulnerabilities CVE-2017-6225.
2023-02-28 01:48:51
Security Bulletin: IBM b-type SAN Network/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227).
2023-02-28 01:48:51
cve
cve
CVE-2017-6227
2018-02-08 22:29:00
CVE-2017-6225
2018-02-08 22:29:00

0.003 Low

EPSS

Percentile

66.0%

JSON
Related for BB78717D0533DBE41202EF8A1FD309D2301BD93987C9D1AC7B824949662A2DD4
lenovo2prion2cvelist2ibm2cve2