**Lenovo Security Advisory:**LEN-46654
**Potential Impact:**Privilege escalation, denial of service, information disclosure
**Severity:**High
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2018-6447, CVE-2018-6448, CVE-2018-6449, CVE-2019-16211, CVE-2019-16212, CVE-2020-15369, CVE-2020-15370, CVE-2020-15371, CVE-2020-15372, CVE-2020-15373, CVE-2020-15374, CVE-2020-15375
Summary Description:
Brocade has reported potential vulnerabilities in Brocade Fabric OS (FOS) and Brocade SANnav that could allow escalation of privilege, denial of service, or information disclosure.
Mitigation Strategy for Customers (what you should do to protect yourself):
Brocade recommends upgrading to Brocade Fabric OS versions v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g or higher as applicable.
Brocade recommends upgrading to Brocade SANnav 2.1.0 or higher.
Product | Minimum Fixed Version |
---|---|
Brocade - 300 FC SAN Switch | 7.4.2g |
Brocade - 6505 FC SAN Switch | 7.4.2g |
Brocade - 6505 FC SAN Switch | 8.2.2c |
Brocade - 6505 FC SAN Switch | 9.0.0b |
Brocade - 6510 FC SAN Switch | 7.4.2g |
Brocade - 6510 FC SAN Switch | 8.2.2c |
Brocade - 6510 FC SAN Switch | 9.0.0b |
Lenovo - B300 FC SAN Switch | 7.4.2g |
Lenovo - B6505 FC SAN Switch | 7.4.2g |
Lenovo - B6505 FC SAN Switch | 8.2.2c |
Lenovo - B6505 FC SAN Switch | 9.0.0b |
Lenovo - B6510 FC SAN Switch | 7.4.2g |
Lenovo - B6510 FC SAN Switch | 8.2.2c |
Lenovo - B6510 FC SAN Switch | 9.0.0b |
Lenovo ThinkSystem DB400D FC Switch | 8.2.2c |
Lenovo ThinkSystem DB400D FC Switch | 9.0.0b |
Lenovo ThinkSystem DB610S FC Switch | 8.2.2c |
Lenovo ThinkSystem DB610S FC Switch | 9.0.0b |
Lenovo ThinkSystem DB620S FC Switch | 8.2.2c |
Lenovo ThinkSystem DB620S FC Switch | 9.0.0b |
Lenovo ThinkSystem DB630S FC Switch | 8.2.2c |
Lenovo ThinkSystem DB630S FC Switch | 9.0.0b |
Lenovo ThinkSystem DB800D FC Switch | 8.2.2c |
Lenovo ThinkSystem DB800D FC Switch | 9.0.0b |
References:
CVE-2018-6447: BSA-2020-1073
CVE-2018-6448: BSA-2020-1075
CVE-2018-6449: BSA-2020-1077
CVE-2019-16211: BSA-2020-1076
CVE-2019-16212: BSA-2020-1074
CVE-2020-15369: BSA-2020-1078
CVE-2020-15370: BSA-2020-1079
CVE-2020-15371: BSA-2020-1080
CVE-2020-15372: BSA-2020-1081
CVE-2020-15373: BSA-2020-1082
CVE-2020-15374: BSA-2020-1083
CVE-2020-15375: BSA-2020-1084
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2020-10-13 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an βas isβ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.