BSA-2020-1079

Brocade Fabric OS

21599

20 November 2020

08 September 2020

Closed

Medium

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N - 5.0

No

CVE-2020-15370

Summary

Security Advisory ID : BSA-2020-1079

Component : firmwareDownload

Revision : 2.0

A vulnerability in the firmwaredownload operation in Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

Note: Brocade Fabric OS versions 8x, 9x, and later releases are not affected.

Affected Products

Brocade Fabric OS versions before Fabric OS v7.4.2g

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.

Solution

A security update is provided in Brocade Fabric OS version v7.4.2g.

Recommended Action

Brocade strongly recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade Fabric OS to obtain this update.
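
The affected-version rule in this advisory can be applied to a switch inventory to list the systems that still need the upgrade. This is an added example, not Broadcom's code. The version layout the regex accepts (including an optional digit after the patch letter), the function names, and the inventory are assumptions constructed for illustration.

```python
import re

# Fixed release named in this advisory.
FIXED_RELEASE = "v7.4.2g"

# Assumed layout: v<major>.<minor>.<maintenance>[<patch letter>[<digits>]]
_FOS_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$", re.IGNORECASE)


def parse_fos_version(text):
    """Turn a version string such as 'v7.4.2g' into a comparable tuple."""
    match = _FOS_VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognized Fabric OS version: {text!r}")
    major, minor, maint, letter, build = match.groups()
    # An absent patch letter ('') sorts before 'a', so v7.4.2 < v7.4.2a.
    return (int(major), int(minor), int(maint), letter.lower(), int(build or 0))


def is_affected(text):
    """True if the release is earlier than the fixed release.

    8.x and 9.x releases sort above v7.4.2g, which matches the advisory's
    note that they are not affected.
    """
    return parse_fos_version(text) < parse_fos_version(FIXED_RELEASE)


def switches_to_upgrade(inventory):
    """Return (affected, needs_manual_review) switch names, each sorted."""
    affected, unknown = [], []
    for name, version in inventory.items():
        try:
            if is_affected(version):
                affected.append(name)
        except ValueError:
            # Never treat an unparsable version as safe; flag it for review.
            unknown.append(name)
    return sorted(affected), sorted(unknown)


# Constructed sample inventory (hypothetical switch names and versions).
SAMPLE_INVENTORY = {
    "sw-core-01": "v7.4.2f", "sw-core-02": "v7.4.2g", "sw-edge-01": "v7.3.1d",
    "sw-edge-02": "v8.2.1c", "sw-lab-01": "v7.4.2g1", "sw-lab-02": "unknown",
}

if __name__ == "__main__":
    print(switches_to_upgrade(SAMPLE_INVENTORY))
```

Upgrading removes the logging flaw going forward; passwords that were used with firmwaredownload on an affected release may already be present in existing logs.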

Credit

This issue was discovered through security testing.

Revision History

| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | September 08, 2020 |
| 2.0 | CVSS Score update | November 20, 2020 |