Brocade Fabric OS Web application service fails to properly process malformed authentication headers resulting in reading memory addresses outside the intended range. (CVE-2021-27791)
21583
05 March 2026
10 May 2021
CLOSED
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - 4.3
N/A
CVE-2021-27791
Summary
Security Advisory ID : BSA-2021-1491
Component : Web Application Service
Revision : 1.1
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
Affected Products
Brocade Fabric OS versions before 7.4.2h, versions 8.0.0 through 8.2.3 and versions 9.0.0 through 9.0.1
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
Solution
A security update has been provided in Brocade Fabric OS versions 7.4.2h, 8.2.3a, 9.0.1a and 9.1.0
Note
Brocade Fabric OS 7.4.x is no longer supported. Please consult the Brocade Software Release Support and Posting Matrices
Credit
This issue was discovered through security testing.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | May 10, 2021 |
| 1.1 | Fixed versions updated | March 5, 2026 |