Broadcom: Security Vulnerabilities
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, and with an invalid password, through telnet, ssh and REST.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-08-12
A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wireless router using BCM4352 and BCM43684 will be affected, such as ASUS AX6100. An attacker may cause a Denial of Service (DoS) to any device connected to BCM4352 or BCM43684 routers via an association or reassociation frame.
CVSS Score
4.6
EPSS Score
0.001
Published
2021-07-14
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-06-30
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.006
Published
2021-06-09
The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-06-09
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data used as the name of a custom field.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-06-09
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-09
Brocade SANnav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-06-09
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories and list files without permission. As a result, users without permission can see folders and hidden files, and can create directories without permission.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-06-09
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
CVSS Score
5.3
EPSS Score
0.004
Published
2021-06-09