BSA-2020-1080

Brocade Fabric OS

21595

20 November 2020

08 September 2020

Closed

Medium

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.7

No

CVE-2020-15371

Summary

Security Advisory ID : BSA-2020-1080

Component : seccryptocfg templates

Revision : 2.0

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability. The vulnerability could allow an unauthenticated, remote attacker to perform code injection and privilege escalation via seccryptocfg templates.

Note: Brocade Fabric OS versions prior to v8.0.0 are not vulnerable. Fabric OS versions 7.4.2x are not impacted by this vulnerability.

Affected Products

Brocade Fabric OS versions after v8.0.0 and before Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3.

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.

Solution

A security update is provided in Brocade Fabric OS versions v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, and v8.2.0_CBN3.

All later versions of Brocade Fabric OS, including all FOS 9.X releases, will also contain this same security update.

Recommended Action

Brocade recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade Fabric OS to obtain this update.
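
To find which switches need the upgrade, an inventory of firmware strings can be compared against the patch levels listed above. The following Python is an added example, not code from Broadcom or this advisory; the version-string format, the alphabetical ordering of patch letters, the numeric ordering of CBN builds, and the sample inventory are assumptions, and versions the advisory does not place clearly are returned as review.

```python
import re
from collections import defaultdict

# Fixed patch letter per release train, from the advisory's Solution section.
FIXED_LETTER = {(8, 1, 2): "k", (8, 2, 1): "e", (8, 2, 2): "c"}
FIXED_CBN = 3  # v8.2.0_CBN3 is the fixed build named for the v8.2.0_CBN line
# Assumed string format: optional "v", X.Y.Z, optional patch letter, optional _CBN<n>.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(?:_CBN(\d+))?$", re.I)


def classify(version):
    """Return 'not_affected', 'affected', 'fixed' or 'review' for BSA-2020-1080."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "review"  # format this example does not model: check by hand
    train = tuple(int(g) for g in m.group(1, 2, 3))
    letter, cbn = m.group(4).lower(), m.group(5)
    if train < (8, 0, 0):
        return "not_affected"  # advisory: versions prior to v8.0.0
    if train > (8, 2, 2):
        return "fixed"  # advisory: v9.0.0 and all later versions carry the update
    if cbn is not None:
        if train == (8, 2, 0) and not letter:
            # Assumption: CBN build numbers order numerically.
            return "fixed" if int(cbn) >= FIXED_CBN else "affected"
        return "review"
    if train in FIXED_LETTER:
        # Assumption: patch letters sort alphabetically and no letter sorts first.
        return "fixed" if letter >= FIXED_LETTER[train] else "affected"
    if (8, 0, 0) < train < (8, 1, 2):
        return "affected"  # precedes every fixed release the advisory lists
    return "review"  # e.g. v8.0.0 itself or plain v8.2.0: boundary not stated


def triage(inventory):
    """Group switch names by status; inventory maps name -> firmware string."""
    groups = defaultdict(list)
    for name, version in sorted(inventory.items()):
        groups[classify(version)].append(name)
    return dict(groups)


# Constructed inventory for illustration, not real devices.
SAMPLE = {"san-a1": "v8.2.1d", "san-a2": "v8.2.1e", "san-b1": "v7.4.2f",
          "san-b2": "v8.1.2k", "san-c1": "v8.2.0_CBN2", "san-c2": "v9.0.0",
          "san-d1": "8.0.2b", "san-d2": "v8.2.0"}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(status, names)
```

Switches reported as review should be checked by hand against the advisory.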

Credit

This issue was discovered through security testing.

Revision History

Version | Change | Date
1.0 | Initial Publication | September 08, 2020
2.0 | CVSS Score update | November 20, 2020