Vulnerability Description
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Fabric Operating System | < 7.4.2h |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20210819-0002/Third Party Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
- https://security.netapp.com/advisory/ntap-20210819-0002/Third Party Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
FAQ
What is CVE-2021-27790?
CVE-2021-27790 is a vulnerability with a CVSS score of 7.8 (HIGH). The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse t...
How severe is CVE-2021-27790?
CVE-2021-27790 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27790?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Fabric Operating System.