BSA-2021-1013
21290
15 June 2022
10 July 2021
Closed
Medium
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - 9.8
Yes
CVE-2020-10188
Summary Security Advisory ID : BSA-2021-1013 Component : Telnet Revision : 1.0: Final
A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server.
Affected Products
- All Brocade Fabric OS Versions before v9.0.0a and Brocade Fabric OS versions v9.0.1 through v9.0.1d
- Security update provided in Brocade Fabric OS: v9.1.0, v9.0.1e, v9.0.0a, v8.1.2k, v8.2.1e, v8.2.0_CBN3, v8.2.2c, v7.4.2h
Security update provided in Brocade Fabric v9.0.0a, v8.1.2k, v8.2.1e, v8.2.0_CBN3, v8.2.2c, v7.4.2h
Products Confirmed Not VulnerableNo other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
Workaround
Prohibit the use of telnet.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | Jul 09, 2021 |
2.0 | update Fixed Releases | Jun 15, 2022 |