BSA-2021-1291
21319
10 May 2021
08 February 2021
Closed
Medium
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - 5.9
Yes
CVE-2020-15387
Summary
Security Advisory ID : BSA-2021-1291
Component : SSH
Revision : 2.0: Final
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
Note: New Standard for SSL Certificates
Industry standards set by the Certification Authority/Browser (CA/B) Forum require that certificates issued after January 1, 2014 MUST have a key length of at least 2048 bits.
Affected Products
Security update provided in Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0 and Brocade SANnav v2.1.1
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.
Workaround
Brocade Fabric OS
From the CLI, perform the following:
Delete the existing 1024-bit RSA and DSA keys using the commands:
#sshutil delhostkey -dsa <deletes DSA 1024 key>
#sshutil delhostkey -rsa <deletes 1024 RSA key>
Manually create the key.
#sshutil genhostkey -rsa
Verify the newly created key.
#sshutil showhostkey
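To confirm the result from a management workstation, the following added example (not part of the advisory and not Broadcom code) reads SSH public host keys and reports any RSA or DSA key under 2048 bits. It assumes input lines in the `host keytype base64` layout that OpenSSH's `ssh-keyscan` prints; the host names and key numbers in the sample are constructed.

```python
import base64
import struct

MIN_BITS = 2048  # minimum key length named in the advisory
# Index of the size-defining mpint: RSA blob is (type, e, n), DSA is (type, p, q, g, y).
SIZE_FIELD = {"ssh-rsa": 2, "ssh-dss": 1}

def read_fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack_from(">I", blob, off)  # struct.error if truncated
        if off + 4 + n > len(blob):
            raise ValueError("truncated field in key blob")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def key_bits(line):
    """Return (host, key type, bits) for one 'host keytype base64' line."""
    host, ktype, b64 = line.split()[:3]
    if ktype not in SIZE_FIELD:
        raise ValueError("unsupported key type: " + ktype)
    fields = read_fields(base64.b64decode(b64, validate=True))
    if fields[0].decode() != ktype:
        raise ValueError("key type inside the blob does not match the line")
    return host, ktype, int.from_bytes(fields[SIZE_FIELD[ktype]], "big").bit_length()

def weak_keys(lines):
    """Return the entries whose RSA modulus or DSA prime is under MIN_BITS."""
    return [k for k in map(key_bits, lines) if k[2] < MIN_BITS]

def sample_line(host, ktype, *ints):
    """Build a constructed input line; the integers are not real key material."""
    def mpint(i):  # SSH mpint: big-endian, leading 0x00 keeps it positive
        raw = i.to_bytes(i.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", len(ktype)) + ktype.encode() + b"".join(map(mpint, ints))
    return f"{host} {ktype} {base64.b64encode(blob).decode()}"

# Constructed sample input: hypothetical host names, synthetic numbers.
SAMPLE = [
    sample_line("switch-a.example", "ssh-rsa", 65537, (1 << 1023) | 1),
    sample_line("switch-b.example", "ssh-rsa", 65537, (1 << 2047) | 1),
    sample_line("switch-c.example", "ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
]

for host, ktype, bits in weak_keys(SAMPLE):
    print(f"{host}: {ktype} host key is {bits} bits, below {MIN_BITS}")
```

Replace `SAMPLE` with lines collected from the switches' SSH ports to audit a fabric; an empty result means no RSA or DSA host key under 2048 bits was seen.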
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Feb 8, 2021 |
2.0 | Added Brocade SANnav | May 10, 2021 |