CVE-2021-27798 - OpenCVE

A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Fabric Operating System

Configuration 1 [-]

OR	cpe:2.3:o:broadcom:fabric_operating_system:7.3.1d:::::::*
	cpe:2.3:o:broadcom:fabric_operating_system:7.4.1b:::::::*

References

Link	Resource
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: brocade

Published: 2022-08-05T15:24:40

Updated: 2024-07-03T14:58:04.056Z

Reserved: 2021-02-26T00:00:00

Link: CVE-2021-27798

JSON object: View

NVD Information

Status : Modified

Published: 2022-08-05T16:15:10.807

Modified: 2024-05-17T01:55:38.763

Link: CVE-2021-27798

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Brocade Fabric OS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Brocade Fabric OS versions Brocade Fabric OS v7.4.1b, and v7.3.1d."}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report"}], "problemTypes": [{"descriptions": [{"description": "Privileged Directory Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-05T15:24:40", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012"}], "tags": ["unsupported-when-assigned"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2021-27798", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brocade Fabric OS", "version": {"version_data": [{"version_value": "Brocade Fabric OS versions Brocade Fabric OS v7.4.1b, and v7.3.1d."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privileged Directory Traversal"}]}]}, "references": {"reference_data": [{"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012", "refsource": "MISC", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012"}]}}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T14:57:53.170051Z", "id": "CVE-2021-27798", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T14:58:04.056Z"}}]}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2021-27798", "datePublished": "2022-08-05T15:24:40", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2024-07-03T14:58:04.056Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}