Information Exposure in Brocade Fabric OS by Broadcom
CVE-2021-27789

6.5MEDIUM

Key Information:

Vendor: Broadcom
Status: Brocade Fabric Os
Vendor: CVE Published:; 18 March 2022

Summary

The web application of Brocade Fabric OS before versions 9.0.1a and 8.2.3a includes debug statements that can result in the disclosure of sensitive information via the standard output device. If an attacker gains access to the FOS system, they could exploit this vulnerability to retrieve sensitive data such as user credentials, potentially compromising system integrity and user privacy.

Affected Version(s)

Brocade Fabric OS Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 18, 2022
Vulnerability Reserved
Feb 26, 2021