PT-2020-14402 · Brocade · Brocade Fabric OS

Published: 2020-12-11 · Updated: 2021-06-22 · CVE-2020-15375

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Brocade Fabric OS versions prior to 9.0.0
Brocade Fabric OS version 8.2.2c and earlier
Brocade Fabric OS version 8.2.1e and earlier
Brocade Fabric OS version 8.1.2k and earlier
Brocade Fabric OS version 8.2.0 CBN3 and earlier
Brocade Fabric OS version 7.4.2g and earlier

Description

The issue is an improper input validation weakness in the command line interface of Brocade Fabric OS, triggered when seccryptocfg is invoked. This weakness could allow a local authenticated user to run arbitrary commands and escalate privileges.

Recommendations

For Brocade Fabric OS versions prior to 9.0.0, update to version 9.0.0 or later.
For Brocade Fabric OS version 8.2.2c and earlier, update to version 8.2.2c or later.
For Brocade Fabric OS version 8.2.1e and earlier, update to version 8.2.1e or later.
For Brocade Fabric OS version 8.1.2k and earlier, update to version 8.1.2k or later.
For Brocade Fabric OS version 8.2.0 CBN3 and earlier, update to version 8.2.0 CBN3 or later.
For Brocade Fabric OS version 7.4.2g and earlier, update to version 7.4.2g or later.

As a temporary workaround, consider restricting access to the seccryptocfg command until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2020-15375

Affected Products

Brocade Fabric OS