Vulnerabilities > Broadcom > Fabric Operating System

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2021-27789 Unspecified vulnerability in Broadcom Fabric Operating System
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device.
network
low complexity
broadcom
4.0
2022-02-21 CVE-2021-27796 Unspecified vulnerability in Broadcom Fabric Operating System
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
network
low complexity
broadcom
6.8
2022-02-21 CVE-2021-27797 Use of Hard-coded Credentials vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
network
low complexity
broadcom CWE-798
7.5
2021-08-12 CVE-2021-27790 Out-of-bounds Write vulnerability in Broadcom Fabric Operating System
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input.
local
low complexity
broadcom CWE-787
7.2
2021-08-12 CVE-2021-27791 Out-of-bounds Read vulnerability in Broadcom Fabric Operating System
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range.
network
low complexity
broadcom CWE-125
5.5
2021-08-12 CVE-2021-27792 Unspecified vulnerability in Broadcom Fabric Operating System
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash.
local
low complexity
broadcom
7.2
2021-08-12 CVE-2021-27793 Incorrect Authorization vulnerability in Broadcom Fabric Operating System
ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
network
low complexity
broadcom CWE-863
5.0
2021-08-12 CVE-2021-27794 Improper Authentication vulnerability in Broadcom Fabric Operating System
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
local
low complexity
broadcom CWE-287
4.6
2021-06-09 CVE-2020-15386 Unspecified vulnerability in Broadcom Fabric Operating System
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
network
low complexity
broadcom
5.0
2021-06-09 CVE-2020-15387 Inadequate Encryption Strength vulnerability in Broadcom Brocade Sannav and Fabric Operating System
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
network
broadcom CWE-326
5.8