CVE-2020-15369

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

CVSS v3 8.8 HIGH
CVSS v2.0 4.0 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:::::::*

History

No history.

Information

Published : 2020-09-25 14:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-15369

Mitre link : CVE-2020-15369

CVE.ORG link : CVE-2020-15369

JSON object : View

Products Affected

broadcom

fabric_operating_system

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2020-15369", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-09-25T14:15:13.453", "references": [{"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users\u2019 credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host."}, {"lang": "es", "value": "La CLI de Supportlink en Brocade Fabric OS Versiones v8.2.1 hasta v8.2.1d, y versiones 8.2.2 anteriores a v8.2.2c, no oculta el campo password, lo que podr\u00eda exponer las credenciales de usuarios del servidor remoto. Un usuario autenticado podr\u00eda obtener las credenciales de contrase\u00f1a expuestas para conseguir acceso al host remoto"}], "lastModified": "2021-08-23T14:47:25.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B244FB24-0767-4DC4-9988-ED8C5D9D9A91"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DDA4E8C-F140-4E39-9A6F-7883F2822499"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}