CVE-2021-27791 Information

Description

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request which could bypass the authentication process.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491

https://security.netapp.com/advisory/ntap-20210819-0002/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
