BSA-2021-1721
21308
16 February 2022
16 February 2022
Closed
Medium
CVSS Score 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
N/A
CVE-2021-27796
Summary
Security Advisory ID: BSA-2021-1721
Component: shell
Revision: 1.0
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash), as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
An attacker gains complete knowledge of any file contents on the system with what seems to be the equivalent of root permissions. This could lead to a complete compromise of data confidentiality.
Affected Products
Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d.
Products Confirmed Not Vulnerable
Brocade Fabric OS v9.0.0, v7.4.2, v8.0.2, and later are not impacted.
Solution
Brocade has provided a security update in Brocade Fabric OS v9.0.0, v8.0.1b, v7.4.2, v8.0.2, and v7.4.1d. Brocade recommends upgrading to these versions or later to receive the security update.
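A version check built from the release numbers above, as an added example rather than Brocade's own tooling. The switch names and inventory are constructed, and treating the lowest fixed release listed for each major release train as that train's cut-off is an assumption about how the advisory's version list is read.

```python
import re

# Lowest fixed release per major train, taken from the advisory text.
# Assumption: anything in the same major train at or above this is fixed.
FIXED_BY_MAJOR = {7: (7, 4, 1, "d"), 8: (8, 0, 1, "b")}
FIRST_UNAFFECTED_MAJOR = 9  # v9.0.0 and later are listed as not impacted

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)


def parse_fos_version(text):
    """Turn 'v7.4.1d' into (7, 4, 1, 'd'); a missing patch letter becomes ''."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Fabric OS version: {text!r}")
    major, minor, maint, letter = match.groups()
    return (int(major), int(minor), int(maint), letter.lower())


def is_affected(text):
    """True if the version falls before the fixed release for its train."""
    version = parse_fos_version(text)
    major = version[0]
    if major >= FIRST_UNAFFECTED_MAJOR:
        return False
    fixed = FIXED_BY_MAJOR.get(major)
    if fixed is None:
        # Trains older than 7.x have no fixed release listed (assumption:
        # they count as "before" the fixed versions).
        return True
    # Tuple comparison: '' < 'a' < 'b', so v8.0.1 sorts before v8.0.1b.
    return version < fixed


def audit(inventory):
    """Map each switch name to 'affected', 'fixed' or 'unknown'."""
    report = {}
    for name, version in inventory.items():
        try:
            report[name] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            report[name] = "unknown"  # needs a manual check
    return report


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {"sw-a": "v7.3.1d", "sw-b": "v7.4.1d", "sw-c": "v8.0.1",
                    "sw-d": "v8.0.2", "sw-e": "v9.0.0", "sw-f": "n/a"}

if __name__ == "__main__":
    for switch, status in audit(SAMPLE_INVENTORY).items():
        print(f"{switch}: {status}")
```
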
Credit
Brocade would like to thank “Cody Martin” from Black Lantern Security for reporting this issue in Brocade Fabric OS: v7.4.1b and v7.3.1d.
Note:
Brocade Fabric OS: v7.4.1b and v7.3.1d have reached End of Availability (EOA) and are no longer supported. Brocade also recommends that customers run supported Brocade software versions.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | February 14, 2022 |