9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
83.0%
**Lenovo Security Advisory:**LEN-46654
**Potential Impact:**Privilege escalation, denial of service, information disclosure
**Severity:**High
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2018-6447, CVE-2018-6448, CVE-2018-6449, CVE-2019-16211, CVE-2019-16212, CVE-2020-15369, CVE-2020-15370, CVE-2020-15371, CVE-2020-15372, CVE-2020-15373, CVE-2020-15374, CVE-2020-15375
Summary Description:
Brocade has reported potential vulnerabilities in Brocade Fabric OS (FOS) and Brocade SANnav that could allow escalation of privilege, denial of service, or information disclosure.
Mitigation Strategy for Customers (what you should do to protect yourself):
Brocade recommends upgrading to Brocade Fabric OS versions v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g or higher as applicable.
Brocade recommends upgrading to Brocade SANnav 2.1.0 or higher.
Product | Minimum Fixed Version |
---|---|
Brocade - 300 FC SAN Switch | 7.4.2g |
Brocade - 6505 FC SAN Switch | 7.4.2g |
Brocade - 6505 FC SAN Switch | 8.2.2c |
Brocade - 6505 FC SAN Switch | 9.0.0b |
Brocade - 6510 FC SAN Switch | 7.4.2g |
Brocade - 6510 FC SAN Switch | 8.2.2c |
Brocade - 6510 FC SAN Switch | 9.0.0b |
Lenovo - B300 FC SAN Switch | 7.4.2g |
Lenovo - B6505 FC SAN Switch | 7.4.2g |
Lenovo - B6505 FC SAN Switch | 8.2.2c |
Lenovo - B6505 FC SAN Switch | 9.0.0b |
Lenovo - B6510 FC SAN Switch | 7.4.2g |
Lenovo - B6510 FC SAN Switch | 8.2.2c |
Lenovo - B6510 FC SAN Switch | 9.0.0b |
Lenovo ThinkSystem DB400D FC Switch | 8.2.2c |
Lenovo ThinkSystem DB400D FC Switch | 9.0.0b |
Lenovo ThinkSystem DB610S FC Switch | 8.2.2c |
Lenovo ThinkSystem DB610S FC Switch | 9.0.0b |
Lenovo ThinkSystem DB620S FC Switch | 8.2.2c |
Lenovo ThinkSystem DB620S FC Switch | 9.0.0b |
Lenovo ThinkSystem DB630S FC Switch | 8.2.2c |
Lenovo ThinkSystem DB630S FC Switch | 9.0.0b |
Lenovo ThinkSystem DB800D FC Switch | 8.2.2c |
Lenovo ThinkSystem DB800D FC Switch | 9.0.0b |
References:
CVE-2018-6447: BSA-2020-1073
CVE-2018-6448: BSA-2020-1075
CVE-2018-6449: BSA-2020-1077
CVE-2019-16211: BSA-2020-1076
CVE-2019-16212: BSA-2020-1074
CVE-2020-15369: BSA-2020-1078
CVE-2020-15370: BSA-2020-1079
CVE-2020-15371: BSA-2020-1080
CVE-2020-15372: BSA-2020-1081
CVE-2020-15373: BSA-2020-1082
CVE-2020-15374: BSA-2020-1083
CVE-2020-15375: BSA-2020-1084
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2020-10-13 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an βas isβ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
83.0%