The following vulnerabilities in Brocade Fabric OS, allowing cross-site scripting (XSS) in the web-based management interface and denial of service caused by an adjacent attacker sending crafted Router Advertisement messages, have been addressed by IBM Flex System FC5022 16Gb SAN Scalable Switch.
CVEID: CVE-2017-6225 DESCRIPTION: Brocade Fabric OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138944> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2017-6227 DESCRIPTION: Brocade Fabric OS is vulnerable to a denial of service, caused by a CPU consumption in the IPv6 stack. By sending-crafted Router Advertisement (RA) messages, a remote attacker could exploit this vulnerability to cause the device to hang.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138942> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Product
|
Affected Version
—|—
IBM Flex System FC5022 16Gb SAN Scalable Switch
|
8.0
Firmware fix versions are available on Fix Central: [http://www.ibm.com/support/fixcentral/](<http://www.ibm.com/support/fixcentral/ >)[ ](<http://www.ibm.com/support/fixcentral/ >)
Product
|
Fix Version
—|—
IBM Flex System FC5022 16Gb SAN Scalable Switch
(brcd_fw_bcsw_8.2.0_anyos_noarch)
|
8.2.0
None
CPE | Name | Operator | Version |
---|---|---|---|
pureflex system & flex system | eq | any |