Authentication Bypass in Brocade Fabric OS by Broadcom
CVE-2021-27791

5.4MEDIUM

Key Information:

Vendor: Broadcom
Status: Brocade Fabric Os
Vendor: CVE Published:; 12 August 2021

What is CVE-2021-27791?

A vulnerability exists in the way Brocade Fabric OS Web application service processes the Authentication header before versions v9.0.1a and v8.2.3a. An attacker exploiting this flaw could send a malformed authentication header, allowing them to read memory addresses beyond the intended range. This could facilitate access to the system without proper authentication, posing significant security risks.

Affected Version(s)

Brocade Fabric OS Brocade Fabric OS before Brocade Fabric OS v9.0.1a and v8.2.3a

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210819-0002/

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2021
Vulnerability Reserved
Feb 26, 2021