Lucene search

Fabric Operating System Security Vulnerabilities - 2020

cve

CVE-2018-6447

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.

5.4CVSS

6.9AI Score

0.001EPSS

2020-09-25 02:15 PM

cve

CVE-2018-6448

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

7.5CVSS

8.3AI Score

0.002EPSS

2020-09-25 02:15 PM

cve

CVE-2018-6449

Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers

6.1CVSS

7.8AI Score

0.001EPSS

2020-09-25 02:15 PM

cve

CVE-2019-16203

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

7.5CVSS

7.7AI Score

0.002EPSS

2020-02-05 04:15 PM

cve

CVE-2019-16204

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

7.5CVSS

7.7AI Score

0.002EPSS

2020-02-05 04:15 PM

cve

CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verifica...

6.5CVSS

6.4AI Score

0.006EPSS

2020-05-28 12:15 PM

282

cve

CVE-2020-15369

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote...

8.8CVSS

9.3AI Score

0.001EPSS

2020-09-25 02:15 PM

cve

CVE-2020-15370

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

6.5CVSS

7.8AI Score

0.001EPSS

2020-09-25 02:15 PM

cve

CVE-2020-15371

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

9.8CVSS

9.8AI Score

0.009EPSS

2020-09-25 02:15 PM

cve

CVE-2020-15372

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.

5.5CVSS

7.2AI Score

0.0004EPSS

2020-09-25 02:15 PM

cve

CVE-2020-15373

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

9.8CVSS

9.8AI Score

0.005EPSS

2020-09-25 02:15 PM

cve

CVE-2020-15374

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

9.8CVSS

9.4AI Score

0.002EPSS

2020-09-25 02:15 PM

cve

CVE-2020-15375

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escala...

6.7CVSS

8.1AI Score

0.0004EPSS

2020-12-11 09:15 PM

cve

CVE-2020-15376

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

4.3CVSS

4.6AI Score

0.001EPSS

2020-12-11 09:15 PM

cve

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a grea...

7.8CVSS

7.8AI Score

0.006EPSS

2020-07-24 02:15 PM

24974

cve

CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorit...

7.5CVSS

7.3AI Score

0.081EPSS

2020-04-21 02:15 PM

444

cve

CVE-2020-29660

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

4.4CVSS

6.3AI Score

0.001EPSS

2020-12-09 05:15 PM

274

cve

CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

7.8CVSS

7.9AI Score

0.0005EPSS

2020-12-09 05:15 PM

331