BSA-2020-1073

Brocade Fabric OS

21695

18 November 2020

08 September 2020

Closed

Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - 6.1

No

CVE-2018-6447

Summary

Security Advisory ID: BSA-2020-1073

Component: HTTP Management Interface

Revision: 1.1

A reflective cross-site scripting (XSS) vulnerability in the HTTP management interface of Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, and v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user's session and take over the account.

Affected Products

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g.

Products Confirmed Non Vulnerable

No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.

Solution

A security update has been provided in Brocade Fabric OS versions v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g.

All later versions of Brocade Fabric OS, including all FOS 9.X releases, will also contain this same security update.

Recommended Action

Brocade strongly recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade Fabric OS to obtain this update.
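To triage a switch inventory against the patch levels above, the following added example (not Brocade's code) classifies a Fabric OS version string as fixed, affected, or unknown. It assumes each fixed release applies to its own release train (v8.2.2b is affected while v8.2.1e is fixed), that trains older than v8.2.2 with no fixed release listed remain affected, and that trains newer than v8.2.2 carry the fix; the function names and the inventory are constructed for illustration.

```python
import re

# Fixed releases named in BSA-2020-1073, keyed by (major, minor, maintenance) train.
FIXED_LETTER = {(7, 4, 2): "g", (8, 1, 2): "k", (8, 2, 1): "e", (8, 2, 2): "c"}
FIXED_SPECIAL = {"v8.2.0_cbn3"}          # special build listed in the advisory
NEWEST_FIXED_TRAIN = max(FIXED_LETTER)   # (8, 2, 2)

# vMAJOR.MINOR.MAINT, optional patch letter, optional digits, optional _BUILD tag
_VERSION = re.compile(r"^v(\d+)\.(\d+)\.(\d+)([a-z]?)\d*(_\w+)?$")


def fos_status(raw):
    """Return 'fixed', 'affected' or 'unknown' for a Fabric OS version string."""
    s = raw.strip().lower()
    if not s.startswith("v"):
        s = "v" + s
    if s in FIXED_SPECIAL:
        return "fixed"
    m = _VERSION.match(s)
    # Unparseable strings and special builds not named in the advisory
    # cannot be decided from the advisory text: flag for manual review.
    if m is None or m.group(5):
        return "unknown"
    train = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4)  # "" sorts before every patch letter
    # Advisory: all later versions, including all FOS 9.X, contain the fix.
    if train[0] >= 9 or train > NEWEST_FIXED_TRAIN:
        return "fixed"
    if train in FIXED_LETTER:
        return "fixed" if letter >= FIXED_LETTER[train] else "affected"
    # Assumption: older train with no fixed release listed stays affected.
    return "affected"


def needs_attention(inventory):
    """Map switch name -> status for every switch that is not confirmed fixed."""
    results = {name: fos_status(ver) for name, ver in inventory.items()}
    return {name: st for name, st in results.items() if st != "fixed"}


if __name__ == "__main__":
    # Constructed inventory, not taken from the advisory.
    sample = {"san-a1": "v8.2.2b", "san-a2": "v8.2.1e1", "san-b1": "v9.0.1a",
              "san-b2": "v7.4.2", "san-c1": "v8.2.0_CBN2"}
    for name, status in sorted(needs_attention(sample).items()):
        print(f"{name}: {status}")
```
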

Credit

This issue was discovered through security testing.

Revision History

Version | Change | Date
1.0 | Initial Publication | September 08, 2020
1.1 | CVSS Vector added | November 18, 2020