History: Feb 28, 2023 - 1:48 a.m.

Security Bulletin: IBM b-type SAN Network/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227).

2023-02-28 01:48:51
www.ibm.com

CVSS3: 6.5 Medium
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 6.1 Medium
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.001 Low
Percentile: 24.9%

Summary

IBM b-type SAN Network/Storage switches have addressed the following vulnerability. Fabric OS is vulnerable to a denial of service caused by CPU consumption in the IPv6 stack. By sending crafted Router Advertisement (RA) messages, a remote attacker could exploit this vulnerability to cause the device to hang.

Vulnerability Details

CVEID: CVE-2017-6227
DESCRIPTION: Brocade Fabric OS is vulnerable to a denial of service caused by CPU consumption in the IPv6 stack. By sending crafted Router Advertisement (RA) messages, a remote attacker could exploit this vulnerability to cause the device to hang.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138942 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected IBM b-type Network/Storage switches| Affected Versions
---|---
FOS Firmware| 7.X prior to 7.4.2b
FOS Firmware| 8.X prior to 8.1.2a

Remediation/Fixes

Product| VRMF| Remediation / First Fix
---|---|---
FOS Firmware| 7.4.2b| <ftp://public.dhe.ibm.com/storage/san/fos7/v7.4.2b_ReleaseNotes_v1.0.pdf>
FOS Firmware| 8.1.2a| <ftp://public.dhe.ibm.com/storage/san/fos8/v8.1.2a_ReleaseNotes_v1.0.pdf>
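
Because the only fix is a firmware upgrade, triage comes down to comparing each switch's FOS version against the fixed releases in the table above. The following Python is an added example, not IBM or Brocade code; the version grammar (major.minor.patch with an optional letter and digit suffix), the suffix ordering, and the inventory hostnames and versions are assumptions made for illustration.

```python
import re

# Fixed releases from the bulletin's Remediation/Fixes table, keyed by major version.
FIXED = {7: "7.4.2b", 8: "8.1.2a"}

# Assumed grammar: optional "v", major.minor.patch, optional letter suffix,
# optional trailing digits (e.g. "v7.4.2b", "8.1.2a", "7.4.1d1").
_VER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$", re.IGNORECASE)


def parse_fos(version):
    """Return a sortable tuple for a FOS version string, or None if unparseable."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, patch, letter, sub = m.groups()
    # "" sorts before "a", so 7.4.2 < 7.4.2a < 7.4.2b < 7.4.2b1 (assumed ordering).
    return (int(major), int(minor), int(patch), letter.lower(), int(sub or 0))


def triage(version):
    """Classify a firmware version against the bulletin's affected ranges."""
    parsed = parse_fos(version)
    if parsed is None:
        return "unknown"      # never report an unparseable string as safe
    fixed = FIXED.get(parsed[0])
    if fixed is None:
        return "not-listed"   # the bulletin only covers the 7.X and 8.X trains
    return "affected" if parsed < parse_fos(fixed) else "fixed"


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "san-sw-01": "v7.4.1d",
    "san-sw-02": "v7.4.2b",
    "san-sw-03": "8.1.2",
    "san-sw-04": "v8.2.0a",
    "san-sw-05": "6.4.3h",
    "san-sw-06": "firmware-unreadable",
}


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(report(INVENTORY).items()):
        print(f"{host:10} {INVENTORY[host]:22} {status}")
```

Hosts reported as `unknown` or `not-listed` need manual review rather than being treated as unaffected.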

Workarounds and Mitigations

None
