Vulnerability Description
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to crash, requiring a reboot.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Fabric Operating System | < 7.4.2h |
References
- https://security.netapp.com/advisory/ntap-20210819-0002/Third Party Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
- https://security.netapp.com/advisory/ntap-20210819-0002/Third Party Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brVendor Advisory
FAQ
What is CVE-2021-27792?
CVE-2021-27792 is a vulnerability with a CVSS score of 7.8 (HIGH). The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash....
How severe is CVE-2021-27792?
CVE-2021-27792 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27792?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Fabric Operating System.