Improper Input Validation in Brocade Fabric OS Web Management Interface
CVE-2021-27792

7.8HIGH

Key Information:

Vendor: Broadcom
Status: Brocade Fabric Os
Vendor: CVE Published:; 12 August 2021

What is CVE-2021-27792?

The request handling functions in the web management interface of Brocade Fabric OS are susceptible to improper input validation. This flaw allows authenticated attackers to manipulate user input, which can lead to the FOS HTTP application handler crashing. As a consequence, the affected service may require a reboot to restore functionality. This vulnerability exists in versions prior to v9.0.1a, v8.2.3a, and v7.4.2h, posing a risk to system availability.

Affected Version(s)

Brocade Fabric OS Brocade Fabric OS versions before v9.0.1a, and v8.2.3a, and v7.4.2h

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210819-0002/

x_refsource_CONFIRM

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2021
Vulnerability Reserved
Feb 26, 2021

Broadcom

What is CVE-2021-27792?

Affected Version(s)

References

CVSS V3.1

Timeline