cnvd - cnvd-2021-28348

cnvd-2021-28348

Vulnerability from cnvd

Title: Brocade Fabric OS信息泄露漏洞（CNVD-2021-28348）

Description:

Brocade Fabric OS（FOS）是美国博科（Brocade）公司的一套使用在交换机和路由器等设备中的嵌入式操作系统。

Brocade Fabric OS存在信息泄露漏洞。该漏洞源于Fabric OS中的Supportlink CLI不混淆密码字段，从而会暴露用户的远程服务器凭据。攻击者可利用该漏洞获取暴露的密码凭据，从而可访问远程主机。

Severity: 中

Patch Name: Brocade Fabric OS信息泄露漏洞（CNVD-2021-28348）的补丁

Patch Description:

Brocade Fabric OS（FOS）是美国博科（Brocade）公司的一套使用在交换机和路由器等设备中的嵌入式操作系统。

Brocade Fabric OS存在信息泄露漏洞。该漏洞源于Fabric OS中的Supportlink CLI不混淆密码字段，从而会暴露用户的远程服务器凭据。攻击者可利用该漏洞获取暴露的密码凭据，从而可访问远程主机。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15369

Impacted products

Name
['Broadcom Fabric OS 8.2.1 - 8.2.1d', 'Broadcom Fabric OS 8.2.2;<8.2.2c']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15369",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-15369"
    }
  },
  "description": "Brocade Fabric OS\uff08FOS\uff09\u662f\u7f8e\u56fd\u535a\u79d1\uff08Brocade\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f7f\u7528\u5728\u4ea4\u6362\u673a\u548c\u8def\u7531\u5668\u7b49\u8bbe\u5907\u4e2d\u7684\u5d4c\u5165\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nBrocade Fabric OS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eFabric OS\u4e2d\u7684Supportlink CLI\u4e0d\u6df7\u6dc6\u5bc6\u7801\u5b57\u6bb5\uff0c\u4ece\u800c\u4f1a\u66b4\u9732\u7528\u6237\u7684\u8fdc\u7a0b\u670d\u52a1\u5668\u51ed\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u66b4\u9732\u7684\u5bc6\u7801\u51ed\u636e\uff0c\u4ece\u800c\u53ef\u8bbf\u95ee\u8fdc\u7a0b\u4e3b\u673a\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28348",
  "openTime": "2021-04-15",
  "patchDescription": "Brocade Fabric OS\uff08FOS\uff09\u662f\u7f8e\u56fd\u535a\u79d1\uff08Brocade\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f7f\u7528\u5728\u4ea4\u6362\u673a\u548c\u8def\u7531\u5668\u7b49\u8bbe\u5907\u4e2d\u7684\u5d4c\u5165\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nBrocade Fabric OS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eFabric OS\u4e2d\u7684Supportlink CLI\u4e0d\u6df7\u6dc6\u5bc6\u7801\u5b57\u6bb5\uff0c\u4ece\u800c\u4f1a\u66b4\u9732\u7528\u6237\u7684\u8fdc\u7a0b\u670d\u52a1\u5668\u51ed\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u66b4\u9732\u7684\u5bc6\u7801\u51ed\u636e\uff0c\u4ece\u800c\u53ef\u8bbf\u95ee\u8fdc\u7a0b\u4e3b\u673a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Brocade Fabric OS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-28348\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Broadcom Fabric OS 8.2.1 - 8.2.1d",
      "Broadcom Fabric OS 8.2.2;\u003c8.2.2c"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-15369",
  "serverity": "\u4e2d",
  "submitTime": "2020-09-27",
  "title": "Brocade Fabric OS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-28348\uff09"
}

CVE-2020-15369 (GCVE-0-2020-15369)

Vulnerability from cvelistv5

Published

2020-09-25 13:08

Modified

2024-08-04 13:15

Severity ?

CWE

Unprotected Storage of Credentials

Summary

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

References

▼	URL	Tags
	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Brocade Fabric OS	Version: Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:15:20.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Brocade Fabric OS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users\u2019 credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unprotected Storage of Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-25T13:08:45",
        "orgId": "87b297d7-335e-4844-9551-11b97995a791",
        "shortName": "brocade"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@brocade.com",
          "ID": "CVE-2020-15369",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Brocade Fabric OS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users\u2019 credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unprotected Storage of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078",
              "refsource": "MISC",
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
    "assignerShortName": "brocade",
    "cveId": "CVE-2020-15369",
    "datePublished": "2020-09-25T13:08:45",
    "dateReserved": "2020-06-29T00:00:00",
    "dateUpdated": "2024-08-04T13:15:20.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted