BSA-2021-1492

Brocade Fabric OS

21315

27 July 2021

10 May 2021

Closed

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - 7.8

N/A

CVE-2021-27790

Summary

Security Advisory ID : BSA-2021-1492

Component : ipfilter

Revision : 1.1


The “ipfilter” command in Brocade Fabric OS versions before v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. An authenticated attacker can abuse this to trigger a stack-based buffer overflow, allowing execution of arbitrary code as the root user account.
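The bug class named above, shown as an added illustration that is not Brocade's code and does not reproduce the ipfilter source: a hypothetical command handler copies a user-supplied argument into a fixed-size stack buffer, first with an unbounded copy and then with a length check that rejects oversized input. The function names, `NAME_BUF` and the sample argument are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32   /* assumed buffer size, chosen for illustration */

/* Vulnerable pattern (hypothetical handler): strcpy() copies until the NUL
 * in `arg` and ignores the size of `name`, so an argument of NAME_BUF bytes
 * or more writes past the stack buffer. */
int handle_arg_unsafe(const char *arg, char *out, size_t outsz)
{
    char name[NAME_BUF];
    strcpy(name, arg);                 /* no bound on user-controlled length */
    snprintf(out, outsz, "%s", name);
    return 0;
}

/* Hardened form: measure the input with a bounded scan, reject anything that
 * does not fit (no silent truncation), then copy a known number of bytes. */
int handle_arg_checked(const char *arg, char *out, size_t outsz)
{
    char name[NAME_BUF];
    size_t len;

    if (arg == NULL || out == NULL || outsz == 0)
        return -1;
    for (len = 0; len < sizeof name && arg[len] != '\0'; len++)
        ;                              /* never reads past sizeof name bytes */
    if (len == sizeof name || len >= outsz)
        return -1;                     /* no room for the string plus its NUL */
    memcpy(name, arg, len + 1);        /* len + 1 <= sizeof name */
    memcpy(out, name, len + 1);
    return (int)len;                   /* accepted length */
}

int main(void)
{
    char out[NAME_BUF], longarg[200];  /* constructed sample input */
    memset(longarg, 'A', sizeof longarg - 1);
    longarg[sizeof longarg - 1] = '\0';
    printf("short: %d\n", handle_arg_checked("policy1", out, sizeof out));
    printf("long:  %d\n", handle_arg_checked(longarg, out, sizeof out));
    return 0;
}
```

Rejecting the oversized argument, rather than truncating it, keeps the handler from acting on a shortened value the user never typed.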

Affected Products

Brocade Fabric OS versions before v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h.

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.

Solution

A security update has been provided in Brocade Fabric OS versions v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h.

Credit

This issue was discovered through security testing.

Revision History

Version Change Date
1.0 Initial Publication May 10, 2021
1.1 Added v7.4.2h July 27, 2021