BSA-2020-1158

Brocade Fabric OS

21593

20 November 2020

20 November 2020

Closed

High

4.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

No

CVE-2020-15376

Summary

Security Advisory ID : BSA-2020-1158

Component : LDAP

Revision : 1.0

Brocade Fabric OS versions before v9.0.0 and after v8.1.0, when configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if that user is not associated with any groups.

Notes:

  • The issue is seen only in Virtual Fabric mode

  • The user has no privileges

  • The issue doesn't affect Brocade Fabric OS prior to v8.1.0

Affected Products

Brocade Fabric OS versions before v9.0.0 and after v8.1.0 

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.

Solution

A security update is provided in Brocade Fabric OS versions v9.0.0 and v8.2.2d.

A security update can also be obtained on Brocade Fabric OS version v8.1.2k1 by contacting your service provider.

All later versions of Brocade Fabric OS, including all FOS 9.X releases, will also contain this same security update.

Recommended Action

Brocade recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade Fabric OS to obtain this update.
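
The following fleet triage sketch is an added example, not part of the Brocade advisory or any Broadcom tooling. It applies the affected range and fixed builds listed above to a switch inventory. The inventory keys (`fos_version`, `virtual_fabric`, `ldap_auth`), the sample switches, and the rule that a later build on the same major.minor branch carries the fix are assumptions.

```python
import re

# Range bounds and fixed builds, taken literally from this advisory.
LOWER, UPPER = "v8.1.0", "v9.0.0"
FIXED_BUILDS = ["v8.2.2d", "v8.1.2k1"]

def parse_fos(version):
    """'v8.1.2k1' -> (8, 1, 2, 'k', 1); a missing suffix sorts lowest."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)",
                     version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised FOS version: {version!r}")
    major, minor, patch, letter, build = m.groups()
    return (int(major), int(minor), int(patch), letter, int(build or 0))

def version_affected(version):
    """True if the version is after LOWER, before UPPER, and not fixed."""
    v = parse_fos(version)
    if not (parse_fos(LOWER) < v < parse_fos(UPPER)):
        return False
    # Assumption: a build at or above the fixed build on the same
    # major.minor branch carries the fix. Branches with no listed
    # fixed build stay flagged.
    for fixed in map(parse_fos, FIXED_BUILDS):
        if v[:2] == fixed[:2] and v >= fixed:
            return False
    return True

def triage(switch):
    """Classify one inventory record (hypothetical keys)."""
    if not version_affected(switch["fos_version"]):
        return "not affected"
    # Virtual Fabric mode is the advisory's stated condition; LDAP
    # authentication being in use is assumed as the other one.
    if switch["virtual_fabric"] and switch["ldap_auth"]:
        return "exposed: upgrade"
    return "affected version, preconditions absent: upgrade"

def report(inventory):
    return {s["name"]: triage(s) for s in inventory}

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "san-a", "fos_version": "v8.2.1c", "virtual_fabric": True, "ldap_auth": True},
    {"name": "san-b", "fos_version": "v8.2.2d", "virtual_fabric": True, "ldap_auth": True},
    {"name": "san-c", "fos_version": "v8.1.2k", "virtual_fabric": False, "ldap_auth": True},
    {"name": "san-d", "fos_version": "v7.4.2", "virtual_fabric": True, "ldap_auth": True},
]

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```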

Credit

This issue was discovered through security testing.

Revision History

| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | November 20, 2020 |