PT-2021-7527 · Brocade · Brocade Fabric Os
Published
2021-07-14
·
Updated
2021-08-23
·
CVE-2021-27793
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Brocade Fabric OS versions prior to 8.2.3a and after 8.2.0
Brocade Fabric OS versions prior to 9.0.1b and after 9.0.0
Description
The issue is related to the implementation of the aaa tacacs+ protocol in Brocade Fabric OS, which has weaknesses in its authorization mechanism. This can be exploited by a remote attacker to cause a denial of service. The problem manifests as intermittent authorization failures, potentially preventing users with valid accounts from logging into the switch.
Recommendations
For Brocade Fabric OS versions prior to 8.2.3a and after 8.2.0, update to version 8.2.3a or later to resolve the issue.
For Brocade Fabric OS versions prior to 9.0.1b and after 9.0.0, update to version 9.0.1b or later to resolve the issue.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Fabric Os