Improper Input Validation in Brocade Fabric OS Command Line Interface
CVE-2020-15375

6.7MEDIUM

Key Information:

Vendor: Broadcom
Status: Brocade Fabric Os
Vendor: CVE Published:; 11 December 2020

Summary

An improper input validation weakness exists in the command line interface of Brocade Fabric OS. This issue arises when the 'secccrypptocfg' command is invoked, potentially allowing local authenticated users to execute arbitrary commands. As a result, attackers could perform privilege escalation, which may compromise the integrity and confidentiality of system resources. Upgrading to the patched versions is crucial for maintaining security.

Affected Version(s)

Brocade Fabric OS Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Jun 29, 2020