CVE-2021-27795 - OpenCVE

Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Brocade 6510 Brocade 7800 Brocade G620 Brocade X6-4 Director Fabric Operating System Brocade 7840 Brocade 610 Brocade 6505 Brocade X6-8 Director Brocade G630 Brocade 6520 Brocade 7810 Brocade 300

Configuration 1 [-]

AND

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:broadcom:brocade_300:-:::::::*
	cpe:2.3:h:broadcom:brocade_610:-:::::::*
	cpe:2.3:h:broadcom:brocade_6505:-:::::::*
	cpe:2.3:h:broadcom:brocade_6510:-:::::::*
	cpe:2.3:h:broadcom:brocade_6520:-:::::::*
	cpe:2.3:h:broadcom:brocade_7800:-:::::::*
	cpe:2.3:h:broadcom:brocade_7810:-:::::::*
	cpe:2.3:h:broadcom:brocade_7840:-:::::::*
	cpe:2.3:h:broadcom:brocade_g620:-:::::::*
	cpe:2.3:h:broadcom:brocade_g630:-:::::::*
	cpe:2.3:h:broadcom:brocade_x6-4_director:-:::::::*
	cpe:2.3:h:broadcom:brocade_x6-8_director:-:::::::*

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: brocade

Published: 2023-12-06T01:16:07.122Z

Updated: 2023-12-06T01:16:07.122Z

Reserved: 2021-02-26T20:18:01.346Z

Link: CVE-2021-27795

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-06T02:15:06.573

Modified: 2023-12-11T19:44:39.613

Link: CVE-2021-27795

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-27795", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2021-02-26T20:18:01.346Z", "datePublished": "2023-12-06T01:16:07.122Z", "dateUpdated": "2023-12-06T01:16:07.122Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Brocade Switches", "vendor": "Brocade", "versions": [{"status": "affected", "version": "All Version"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>\nBrocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. <br><br></div>"}], "value": "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n"}], "impacts": [{"capecId": "CAPEC-20", "descriptions": [{"lang": "en", "value": "CAPEC-20 Encryption Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2023-12-06T01:16:07.122Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"}], "source": {"discovery": "UNKNOWN"}, "title": "License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A924BA8-278D-42F8-9A38-AE1087384629", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:broadcom:brocade_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "514B80C9-FB9A-46FF-A58F-F90D695CD6EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_610:-:*:*:*:*:*:*:*", "matchCriteriaId": "71B3C11A-72A1-40E7-8062-FDCE8B31BF45", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_6505:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFE32859-8F51-41C0-829F-E2C7C70D2B32", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_6510:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB73E604-D2BA-463E-8F89-B6FA2D762C49", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_6520:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AD15038-420D-456C-9E46-1F68730D5294", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3E8C687-7999-4FC9-B6F0-8235808B2113", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_7810:-:*:*:*:*:*:*:*", "matchCriteriaId": "E297EC07-ACD9-44CB-A52E-E8D77F1AB3B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_7840:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A3BC204-ED15-4F07-A493-D688A02E2AF4", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_g620:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3C167A2-3A1D-4A7C-8BB0-E923F774DAE2", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_g630:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CBE84E8-4D66-4CE7-B6D9-F67F92014C5C", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_x6-4_director:-:*:*:*:*:*:*:*", "matchCriteriaId": "03D3425B-AADB-4507-9D9D-907BD49359B0", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_x6-8_director:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FF27302-C9A5-4C62-B97D-BFEDAE2F9F5E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n"}, {"lang": "es", "value": "Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versi\u00f3n del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptogr\u00e1ficos que podr\u00edan permitir la instalaci\u00f3n de claves de licencia falsificadas o fraudulentas. Esto permitir\u00eda a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticar\u00eda y activar\u00eda como si fuera una clave de licencia leg\u00edtima."}], "id": "CVE-2021-27795", "lastModified": "2023-12-11T19:44:39.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "sirt@brocade.com", "type": "Secondary"}]}, "published": "2023-12-06T02:15:06.573", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "sirt@brocade.com", "type": "Secondary"}]}