BSA-2016-168
21622
21 December 2018
03 October 2016
Closed
High
7.5
N/A
CVE-2016-8203
Summary
Security Advisory ID : BSA-2016-168
Component : NetIron
Revision : 2.0: Final
A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets.
Affected Products| Product | Current Assessment |
|---|---|
| Brocade NetIron | Impacted: All Brocade MLX Line Cards running NetIron 5.8.00 through 5.8.00, 5.9.00 through 5.9.00bd, 6.0.00, and 6.00a images. |
Brocade NetIron CES/CER and/or any Brocade NetIron software version prior to 5.8.00 are not affected.
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Brocade strongly recommends that all customers running the impacted version(s) install the patch.
Brocade has fixed the vulnerability described in this advisory in NetIron 5.8.00ec, 5.9.00be and 6.0.00ab and later releases. The patch releases have been posted to the MyBrocade web portal.
WorkaroundThere are no workarounds that address this vulnerability.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | October 03, 2016 |
| 2.0 | Updated to cover Fiber Channel | December 21, 2018 |