CVE-2020-15383 - Vulnerability Details - OpenCVE

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

OR	cpe:2.3:o:broadcom:fabric_operating_system::::::::
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:::::::*

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20210819-0002/
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496

History

No history.

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2021-06-09T14:32:31

Updated: 2024-08-04T13:15:20.568Z

Reserved: 2020-06-29T00:00:00

Link: CVE-2020-15383

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-09T15:15:08.107

Modified: 2024-11-21T05:05:27.397

Link: CVE-2020-15383

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Brocade Fabric OS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Brocade Fabric OS versions before v9.0.0, v8.2.2d, and v8.2.1e"}]}], "descriptions": [{"lang": "en", "value": "Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic."}], "problemTypes": [{"descriptions": [{"description": "Denail of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-19T09:06:25", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2020-15383", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brocade Fabric OS", "version": {"version_data": [{"version_value": "Brocade Fabric OS versions before v9.0.0, v8.2.2d, and v8.2.1e"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denail of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496", "refsource": "MISC", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"}, {"name": "https://security.netapp.com/advisory/ntap-20210819-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:20.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}]}]}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2020-15383", "datePublished": "2021-06-09T14:32:31", "dateReserved": "2020-06-29T00:00:00", "dateUpdated": "2024-08-04T13:15:20.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "017C502B-C9AA-41EF-BBE1-F34DAD9A21F4", "versionEndExcluding": "8.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C91FB6C-7BF5-453E-A618-06756D3DD2FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*", "matchCriteriaId": "7CF38E78-8243-4615-A8A1-1396920F5BA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*", "matchCriteriaId": "84E4F075-D03B-4D98-8C9E-840D80DFFF48", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1c:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF78F1-A7F3-4656-AD5D-6D84F83B34F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.1d:*:*:*:*:*:*:*", "matchCriteriaId": "DAA3D3F6-C768-4096-A2CA-8CC406A92D6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2a1:*:*:*:*:*:*:*", "matchCriteriaId": "441E912B-4DD8-4A04-8072-04CE30D5A436", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2b:*:*:*:*:*:*:*", "matchCriteriaId": "B3B33CEA-BE17-411D-86FF-388B21E8F018", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:8.2.2c:*:*:*:*:*:*:*", "matchCriteriaId": "D4CB0EA0-D553-4D17-867A-0DBD5D1F6764", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic."}, {"lang": "es", "value": "Una ejecuci\u00f3n de escaneos de seguridad contra el SAN switch puede causar a los procesos de configuraci\u00f3n y notificaci\u00f3n secundaria dentro de las versiones de firmware anteriores a Brocade Fabric OS v9.0.0, v8.2.2d y v8.2.1e, consumir toda la memoria, conllevando a impactos de denegaci\u00f3n de servicio que posiblemente incluyen un switch panic"}], "id": "CVE-2020-15383", "lastModified": "2024-11-21T05:05:27.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T15:15:08.107", "references": [{"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}, {"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}