This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Broadcom First view 2004-09-04
Product Fabric Operating System Last view 2021-08-12
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:* 38
cpe:2.3:o:broadcom:fabric_operating_system:3.1:*:*:*:*:*:*:* 31
cpe:2.3:o:broadcom:fabric_operating_system:2.1.2:*:*:*:*:*:*:* 31
cpe:2.3:o:broadcom:fabric_operating_system:2.2:*:*:*:*:*:*:* 31
cpe:2.3:o:broadcom:fabric_operating_system:5.2.0a:*:*:*:*:*:*:* 30
cpe:2.3:o:broadcom:fabric_operating_system:7.4.0:*:*:*:*:*:*:* 30
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1d:*:*:*:*:*:*:* 30
cpe:2.3:o:broadcom:fabric_operating_system:5.2.0:*:*:*:*:*:*:* 30
cpe:2.3:o:broadcom:fabric_operating_system:5.0.5b:*:*:*:*:*:*:* 30
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1e:*:*:*:*:*:*:* 30
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1c:*:*:*:*:*:*:* 30
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1b:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:7.4.1a:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:* 29
cpe:2.3:o:broadcom:fabric_operating_system:8.0.0:*:*:*:*:*:*:* 28
cpe:2.3:o:broadcom:fabric_operating_system:8.0.1:*:*:*:*:*:*:* 28
cpe:2.3:o:broadcom:fabric_operating_system:8.1.1:*:*:*:*:*:*:* 28
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2:*:*:*:*:*:*:* 28
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2f:*:*:*:*:*:*:* 27
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0:*:*:*:*:*:*:* 27
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2:*:*:*:*:*:*:* 27
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2a:*:*:*:*:*:*:* 27
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2c:*:*:*:*:*:*:* 27
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2d:*:*:*:*:*:*:* 27
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2f:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2j:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.2.0:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2e:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2d:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2c:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2b:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.2a:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.1a:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0c:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0b:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.1.0a:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2f:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2d:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2c:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2b:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.0.2a:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.0.1b:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.0.1a:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:8.2.0a:*:*:*:*:*:*:* 26
cpe:2.3:o:broadcom:fabric_operating_system:7.4.2g:*:*:*:*:*:*:* 26

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2021-08-12 CVE-2021-27794

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

5.3 2021-08-12 CVE-2021-27793

ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.

7.8 2021-08-12 CVE-2021-27792

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

5.4 2021-08-12 CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

7.8 2021-08-12 CVE-2021-27790

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.

7.4 2021-06-09 CVE-2020-15387

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

5.3 2021-06-09 CVE-2020-15386

Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.

7.5 2021-06-09 CVE-2020-15383

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

3.7 2021-04-01 CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

5.3 2021-04-01 CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

5.9 2021-01-04 CVE-2019-25013

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

4.3 2020-12-11 CVE-2020-15376

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

6.7 2020-12-11 CVE-2020-15375

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.

9.8 2020-09-25 CVE-2020-15374

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

9.8 2020-09-25 CVE-2020-15373

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

5.5 2020-09-25 CVE-2020-15372

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.

9.8 2020-09-25 CVE-2020-15371

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

6.5 2020-09-25 CVE-2020-15370

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.

8.8 2020-09-25 CVE-2020-15369

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

6.1 2020-09-25 CVE-2018-6449

Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers

7.5 2020-09-25 CVE-2018-6448

A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

5.4 2020-09-25 CVE-2018-6447

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.

7.8 2020-07-24 CVE-2020-15778

** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

6.5 2020-05-28 CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

7.5 2020-04-21 CVE-2020-1967

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

CWE : Common Weakness Enumeration

%idName
13% (4) CWE-20 Improper Input Validation
10% (3) CWE-532 Information Leak Through Log Files
10% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (2) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
6% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
6% (2) CWE-287 Improper Authentication
3% (1) CWE-521 Weak Password Requirements
3% (1) CWE-476 NULL Pointer Dereference
3% (1) CWE-384 Session Fixation
3% (1) CWE-326 Inadequate Encryption Strength
3% (1) CWE-295 Certificate Issues
3% (1) CWE-290 Authentication Bypass by Spoofing
3% (1) CWE-264 Permissions, Privileges, and Access Controls
3% (1) CWE-254 Security Features
3% (1) CWE-200 Information Exposure
3% (1) CWE-190 Integer Overflow or Wraparound
3% (1) CWE-125 Out-of-bounds Read
3% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Open Source Vulnerability Database (OSVDB)

id Description
9662 Multiple Logic Controllers Malformed TCP Packet DoS