CVE-2021-27795 (GCVE-0-2021-27795)

Vulnerability from cvelistv5 – Published: 2023-12-06 01:16 – Updated: 2024-08-03 21:33
Title
License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software
Summary
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software that supports the license string format contain cryptographic issues that could allow the installation of forged or fraudulent license keys. An attacker or other malicious party could forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.
CWE
  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
Impacted products
Vendor | Product | Version
Brocade | Brocade Switches | Affected: All Version

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Brocade Switches",
          "vendor": "Brocade",
          "versions": [
            {
              "status": "affected",
              "version": "All Version"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\nBrocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-20",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-20 Encryption Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-06T01:16:07.122Z",
        "orgId": "87b297d7-335e-4844-9551-11b97995a791",
        "shortName": "brocade"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
    "assignerShortName": "brocade",
    "cveId": "CVE-2021-27795",
    "datePublished": "2023-12-06T01:16:07.122Z",
    "dateReserved": "2021-02-26T20:18:01.346Z",
    "dateUpdated": "2024-08-03T21:33:15.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A924BA8-278D-42F8-9A38-AE1087384629\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"514B80C9-FB9A-46FF-A58F-F90D695CD6EF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_610:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71B3C11A-72A1-40E7-8062-FDCE8B31BF45\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_6505:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFE32859-8F51-41C0-829F-E2C7C70D2B32\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_6510:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB73E604-D2BA-463E-8F89-B6FA2D762C49\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_6520:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AD15038-420D-456C-9E46-1F68730D5294\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_7800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3E8C687-7999-4FC9-B6F0-8235808B2113\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_7810:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E297EC07-ACD9-44CB-A52E-E8D77F1AB3B8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_7840:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A3BC204-ED15-4F07-A493-D688A02E2AF4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_g620:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3C167A2-3A1D-4A7C-8BB0-E923F774DAE2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_g630:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CBE84E8-4D66-4CE7-B6D9-F67F92014C5C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_x6-4_director:-:*:*:*:*:*:*:*\", 
\"matchCriteriaId\": \"03D3425B-AADB-4507-9D9D-907BD49359B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:broadcom:brocade_x6-8_director:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FF27302-C9A5-4C62-B97D-BFEDAE2F9F5E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Brocade Fabric OS (FOS) hardware \\nplatforms running any version of Brocade Fabric OS software, which \\nsupports the license string format; contain cryptographic \\nissues that could allow for the installation of forged or fraudulent \\nlicense keys. This would allow attackers or a malicious party to forge a\\n counterfeit license key that the Brocade Fabric OS platform would \\nauthenticate and activate as if it were a legitimate license key. \\n\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versi\\u00f3n del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptogr\\u00e1ficos que podr\\u00edan permitir la instalaci\\u00f3n de claves de licencia falsificadas o fraudulentas. Esto permitir\\u00eda a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticar\\u00eda y activar\\u00eda como si fuera una clave de licencia leg\\u00edtima.\"}]",
      "id": "CVE-2021-27795",
      "lastModified": "2024-11-21T05:58:34.920",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"sirt@brocade.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}]}",
      "published": "2023-12-06T02:15:06.573",
      "references": "[{\"url\": \"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289\", \"source\": \"sirt@brocade.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@brocade.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"sirt@brocade.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    }
  }
}

