PT-2021-17623 · Brocade · Brocade Fabric Os

Published: 2021-08-12 · Updated: 2022-07-12 · CVE-2021-27792
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Brocade Fabric OS versions prior to 9.0.1a
Brocade Fabric OS versions prior to 8.2.3a
Brocade Fabric OS versions prior to 7.4.2h
Description: The request handling functions in the web management interface of Brocade Fabric OS do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to crash the FOS HTTP application handler, after which a reboot is required. Additionally, the ipfilter command uses unsafe string functions to process user input, allowing authenticated attackers to trigger stack-based buffer overflows and execute arbitrary code as the root user account.
Recommendations:
For versions prior to 9.0.1a, update to version 9.0.1a or later.
For versions prior to 8.2.3a, update to version 8.2.3a or later.
For versions prior to 7.4.2h, update to version 7.4.2h or later.
As a temporary workaround, restrict access to the ipfilter command and the web management interface to minimize the risk of exploitation.
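The ipfilter weakness described above is the classic pattern of copying a caller-supplied argument into a fixed-size stack buffer with an unbounded string function. The following is an added illustration, not Brocade's code: it places that unsafe pattern beside a hardened handler that bounds the length check, rejects anything that does not fit, and restricts the accepted alphabet before any copy happens. The buffer size, the rule grammar (an IPv4/IPv6 address with an optional prefix length) and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Assumed buffer size for one address/prefix argument (IPv6 literal + NUL).
 * This is an illustrative value, not a value from the advisory. */
#define RULE_ADDR_MAX 46

enum rule_status {
    RULE_OK = 0,
    RULE_EMPTY = 1,
    RULE_TOO_LONG = 2,
    RULE_BAD_CHAR = 3
};

/* Vulnerable pattern, kept for contrast only: the argument length is never
 * checked before an unbounded copy into a fixed-size buffer, so an argument
 * longer than the destination overruns it. This file never calls it with
 * overlong input. */
static void copy_addr_unsafe(char *dst, const char *arg)
{
    strcpy(dst, arg);   /* no bound on the copy */
}

/* Hardened version: measure the input with a bound (never reading past
 * dstlen bytes), refuse input that cannot fit with its terminator, and
 * accept only the characters an address/prefix rule can contain. */
enum rule_status copy_addr_safe(char *dst, size_t dstlen, const char *arg)
{
    size_t n = 0;
    while (n < dstlen && arg[n] != '\0')
        n++;

    if (n == 0)
        return RULE_EMPTY;
    if (n >= dstlen)            /* no room for the NUL terminator */
        return RULE_TOO_LONG;

    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!(isxdigit(c) || c == '.' || c == ':' || c == '/'))
            return RULE_BAD_CHAR;
    }

    memcpy(dst, arg, n);        /* bounded: n < dstlen was checked above */
    dst[n] = '\0';
    return RULE_OK;
}

/* Runs the hardened copy into a stack buffer of the assumed size and
 * returns the status, so callers can check the decision directly. */
enum rule_status check_rule(const char *arg)
{
    char addr[RULE_ADDR_MAX];
    return copy_addr_safe(addr, sizeof addr, arg);
}

int main(void)
{
    /* Constructed sample arguments: two well-formed rules, an empty one,
     * one with a disallowed character, and one that is simply too long. */
    const char *samples[] = {
        "192.168.1.0/24",
        "fe80::1/64",
        "",
        "10.0.0.1%eth0",
        "11111111111111111111111111111111111111111111111111"
    };
    char addr[RULE_ADDR_MAX];

    /* The unsafe copy behaves identically on well-formed input, which is
     * exactly why the defect stays hidden until a long argument arrives. */
    copy_addr_unsafe(addr, samples[0]);
    printf("unsafe copy of well-formed input: %s\n", addr);

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("rule \"%s\" -> status %d\n", samples[i], check_rule(samples[i]));
    return 0;
}
```

The important difference is not the replacement of strcpy by memcpy but the order of operations: the destination size is the first thing the handler consults, the input is measured against it without reading beyond it, and the copy is performed only after the length and alphabet have been accepted.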


Related Identifiers: CVE-2021-27792

Affected Products: Brocade Fabric OS