Vulnerability Description
The function used to parse the Authentication header in the Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in a read of memory addresses outside the intended range. An unauthenticated attacker could discover a request that could bypass the authentication process.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Fabric Operating System | >= 8.2.1, < 8.2.3a |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20210819-0002/ (Third Party Advisory)
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/br (Vendor Advisory)
FAQ
What is CVE-2021-27791?
CVE-2021-27791 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authenticat...
How severe is CVE-2021-27791?
CVE-2021-27791 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-27791?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Fabric Operating System.