BSA-2020-936
21564
16 March 2020
16 March 2020
Closed
High
10.0
No
CVE-2020-0796
Summary
Security Advisory ID: BSA-2020-936
Component: SMBv3
Revision: 1.0: Final
Microsoft SMBv3 contains a vulnerability in the handling of compression, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft Server Message Block 3.1.1 (SMBv3) contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. It has been reported that this vulnerability is wormable.
Impact
By connecting to a vulnerable Windows machine using SMBv3, or by causing a vulnerable Windows system to initiate a client connection to an SMBv3 server, a remote, unauthenticated attacker may be able to execute arbitrary code with SYSTEM privileges on a vulnerable system. More at: https://www.kb.cert.org/vuls/id/872016/
Affected Products
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by these vulnerabilities.
Notes
Brocade Manageability products are not vulnerable to the SMBv3 vulnerability, also known as "SMBGhost" and "CoronaBlue". However, since the environment that runs the products is not under Brocade's control, Brocade recommends that customers apply the recommendations from the vendors.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | March 16, 2020 |