Insecure SSH Key Length in Brocade Fabric OS and SANnav
CVE-2020-15387

7.4 HIGH

Key Information:

Vendor: Broadcom
CVE Published: 9 June 2021

Summary

The SSH servers in Brocade Fabric OS prior to versions 7.4.2h, 8.2.1c, 8.2.2, and 9.0.0, and in Brocade SANnav prior to version 2.1.1, use encryption keys shorter than the recommended 2048 bits. Because SSH communications protected by such keys are insecure, this weakness may allow attackers to carry out man-in-the-middle attacks, potentially leading to unauthorized access and interception of sensitive data.

Affected Version(s)

Brocade SANnav & Brocade Fabric OS: Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0 and Brocade SANnav v2.1.1

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
