{"containers": {"cna": {"affected": [{"product": "Brocade Fabric OS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h"}]}], "descriptions": [{"lang": "en", "value": "The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account."}], "problemTypes": [{"descriptions": [{"description": "execution of arbitrary code", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-20T16:35:48", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2021-27790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brocade Fabric OS", "version": {"version_data": [{"version_value": "Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "execution of arbitrary code"}]}]}, "references": {"reference_data": [{"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492", "refsource": "MISC", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"}, {"name": "https://security.netapp.com/advisory/ntap-20210819-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}, {"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492", "refsource": "MISC", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:15.672Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}]}]}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2021-27790", "datePublished": "2021-08-12T14:27:04", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2024-08-03T21:33:15.672Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "942EE264-4FE0-45C7-A111-0137C18C3962", "versionEndExcluding": "7.4.2h", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "61DD246D-373A-4035-814B-6961A1AEF2A9", "versionEndExcluding": "8.2.0_cbn4", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "32439844-2E32-49D9-9584-F24DF1E4B053", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D7BD6F1-04FE-45C8-9154-70DBDC01A31F", "versionEndExcluding": "9.0.1a", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account."}, {"lang": "es", "value": "El comando ipfilter en Brocade Fabric OS versiones anteriores a Brocade Fabric OS v.9.0.1a, v8.2.3, y v8.2.0_CBN4, y v7.4.2h, usa una funci\u00f3n de cadena no segura para procesar la entrada del usuario. Unos atacantes autenticados pueden abusar de esta vulnerabilidad para explotar unos desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria, permitiendo una ejecuci\u00f3n de c\u00f3digo arbitrario como la cuenta de usuario root."}], "id": "CVE-2021-27790", "lastModified": "2024-11-21T05:58:34.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-12T15:15:07.697", "references": [{"source": "sirt@brocade.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}, {"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210819-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1492"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}