BSA-2020-1081
21594
20 November 2020
08 September 2020
Closed
Medium
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N - 5.5
No
CVE-2020-15372
Summary Security Advisory ID : BSA-2020-1081 Component : shell variables Revision : 2.0
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
Affected Products
Brocade Fabric OS versions before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0.
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
Solution
A security update is provided in Brocade Fabric OS versions v8.2.2a1, v8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0.
All later versions of Brocade Fabric OS, including all FOS 9.X releases, will also contain this same security update.
Recommended Action
Brocade recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade Fabric OS to obtain this update.
Credit
This issue was discovered through security testing.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | September 08, 2020 |
2.0 | CVSS Score updated | November 20, 2020 |