Lucene search

[email protected]NVD:CVE-2020-15374

HistorySep 25, 2020 - 2:15 p.m.

CVE-2020-15374

2020-09-2514:15:13

[email protected]

web.nvd.nist.gov

brocade fabric os

rest api

vulnerability

reflected input

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

64.5%

JSON

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

Affected configurations

Nvd

Node

broadcomfabric_operating_systemMatch8.2.1

broadcomfabric_operating_systemMatch8.2.1a

broadcomfabric_operating_systemMatch8.2.1b

broadcomfabric_operating_systemMatch8.2.1c

broadcomfabric_operating_systemMatch8.2.1d

broadcomfabric_operating_systemMatch8.2.2

broadcomfabric_operating_systemMatch8.2.2a

broadcomfabric_operating_systemMatch8.2.2a1

broadcomfabric_operating_systemMatch8.2.2b

broadcomfabric_operating_systemMatch8.2.2c

VendorProductVersionCPE
broadcomfabric_operating_system8.2.1cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.1acpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.1bcpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.1ccpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.1dcpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.2cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.2acpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.2a1cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.2bcpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*
broadcomfabric_operating_system8.2.2ccpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	fabric_operating_system	8.2.1	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:::::::*
broadcom	fabric_operating_system	8.2.1a	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:::::::*
broadcom	fabric_operating_system	8.2.1b	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:::::::*
broadcom	fabric_operating_system	8.2.1c	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:::::::*
broadcom	fabric_operating_system	8.2.1d	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:::::::*
broadcom	fabric_operating_system	8.2.2	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:::::::*
broadcom	fabric_operating_system	8.2.2a	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:::::::*
broadcom	fabric_operating_system	8.2.2a1	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:::::::*
broadcom	fabric_operating_system	8.2.2b	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:::::::*
broadcom	fabric_operating_system	8.2.2c	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:::::::*

References

www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1084

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

64.5%

JSON

Related for NVD:CVE-2020-15374

prion1 cvelist1 cve1 lenovo2