BSA-2021-1492
21315
27 July 2021
10 May 2021
Closed
High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - 7.8
N/A
CVE-2021-27790
Summary Security Advisory ID : BSA-2021-1492 Component : ipfilter Revision : 1.1
The command “ipfilter†in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
Affected Products
Brocade Fabric OS versions before v9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h.
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
Solution
A security update has been provided in Brocade Fabric OS versions v9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h.
Credit
This issue was discovered through security testing.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | May 10, 2021 |
1.1 | Added v7.4.2h | July 27, 2021 |