Fabric Operating System@* Security Vulnerabilities and Issues — Fabric Operating System@* CVE List

Lucene search

BroadcomFabric Operating System*

7 matches found

CVE•added 2021/08/12 3:15 p.m.•60 views

CVE-2021-27793

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

5.3CVSS5.2AI score0.00323EPSS

CVE•added 2021/08/12 3:15 p.m.•47 views

CVE-2021-27794

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

7.8CVSS7.7AI score0.00058EPSS

CVE•added 2021/06/09 4:15 p.m.•46 views

CVE-2020-15387

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

7.4CVSS7.3AI score0.00124EPSS

CVE•added 2021/06/09 3:15 p.m.•41 views

CVE-2020-15383

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

7.5CVSS7.5AI score0.00468EPSS

CVE•added 2021/08/12 3:15 p.m.•36 views

CVE-2021-27790

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as ...

7.8CVSS7.9AI score0.00049EPSS

CVE•added 2021/08/12 3:15 p.m.•36 views

CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An un...

5.5CVSS5.7AI score0.00366EPSS

CVE•added 2021/08/12 3:15 p.m.•36 views

CVE-2021-27792

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to cra...

7.8CVSS7.3AI score0.00051EPSS