PT-2020-14403 · Brocade · Brocade Fabric Os

Published

2020-12-11

Updated

2021-09-09

CVE-2020-15376

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions 8.1.0 through 9.0.0

Description The issue is related to a weakness in the ldap implementation in Brocade Fabric OS, configured in Virtual Fabric mode. This weakness could allow a remote ldap user to login to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.

Recommendations For Brocade Fabric OS versions 8.1.0 through 9.0.0, consider updating to version 9.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ldap implementation until a patch is available. Additionally, ensure that all ldap users are properly associated with groups to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-15376

Affected Products

Brocade Fabric Os

PT-2020-14403 · Brocade · Brocade Fabric Os

CVE-2020-15376

Related Identifiers

Affected Products

References · 9