Support Content Notification - Support Portal

BSA-2021-1490

Product/Component

Brocade SANnav

1 more products

Notification Id

21316

Last Updated

27 May 2021

Initial Publication Date

10 May 2021

Status

Closed

Severity

Medium

CVSS Base Score

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L - 5.3

WorkAround

N/A

Affected CVE

CVE-2021-27792

Summary

Security Advisory ID : BSA-2021-1490

Component : Web Management Interface

Revision : 1.1

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.

Affected Products

Brocade Fabric OS versions before v9.0.1a, and v8.2.3a, and v7.4.2h

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Solution

A security update has been provided in Brocade Fabric OS versions v9.0.1a, v8.2.3a, and v7.4.2h.

Credit

This issue was discovered through security testing.

Revision History

Version	Change	Date
1.0	Initial Publication	May 10, 2021
1.1	Added v7.4.2h	July 27, 2021