- Description
- The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
- Source
- sirt@brocade.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
- nvd@nist.gov
- CWE-125
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D137CFD9-916B-4B8D-9E57-2EECCE5FD32B",
"versionEndExcluding": "8.2.3a",
"versionStartIncluding": "8.2.1"
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F",
"versionEndExcluding": "9.0.1a",
"versionStartIncluding": "9.0.0"
}
],
"operator": "OR"
}
]
}
]