CVE-2021-27795 - OpenCVE

Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Brocade 300 Brocade 610 Brocade 6505 Brocade 6510 Brocade 6520 Brocade 7800 Brocade 7810 Brocade 7840 Brocade G620 Brocade G630 Brocade X6-4 Director Brocade X6-8 Director Fabric Operating System

Configuration 1 [-]

AND

OR	cpe:2.3:h:broadcom:brocade_300:-:::::::*
	cpe:2.3:h:broadcom:brocade_610:-:::::::*
	cpe:2.3:h:broadcom:brocade_6505:-:::::::*
	cpe:2.3:h:broadcom:brocade_6510:-:::::::*
	cpe:2.3:h:broadcom:brocade_6520:-:::::::*
	cpe:2.3:h:broadcom:brocade_7800:-:::::::*
	cpe:2.3:h:broadcom:brocade_7810:-:::::::*
	cpe:2.3:h:broadcom:brocade_7840:-:::::::*
	cpe:2.3:h:broadcom:brocade_g620:-:::::::*
	cpe:2.3:h:broadcom:brocade_g630:-:::::::*
	cpe:2.3:h:broadcom:brocade_x6-4_director:-:::::::*
	cpe:2.3:h:broadcom:brocade_x6-8_director:-:::::::*

cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289

History

No history.

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2023-12-06T01:16:07.122Z

Updated: 2024-08-03T21:33:15.653Z

Reserved: 2021-02-26T20:18:01.346Z

Link: CVE-2021-27795

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-06T02:15:06.573

Modified: 2023-12-11T19:44:39.613

Link: CVE-2021-27795

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-27795", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2021-02-26T20:18:01.346Z", "datePublished": "2023-12-06T01:16:07.122Z", "dateUpdated": "2024-08-03T21:33:15.653Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Brocade Switches", "vendor": "Brocade", "versions": [{"status": "affected", "version": "All Version"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>\nBrocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. <br><br></div>"}], "value": "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n"}], "impacts": [{"capecId": "CAPEC-20", "descriptions": [{"lang": "en", "value": "CAPEC-20 Encryption Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2023-12-06T01:16:07.122Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"}], "source": {"discovery": "UNKNOWN"}, "title": "License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:15.653Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:broadcom:brocade_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "514B80C9-FB9A-46FF-A58F-F90D695CD6EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_610:-:*:*:*:*:*:*:*", "matchCriteriaId": "71B3C11A-72A1-40E7-8062-FDCE8B31BF45", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_6505:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFE32859-8F51-41C0-829F-E2C7C70D2B32", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_6510:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB73E604-D2BA-463E-8F89-B6FA2D762C49", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_6520:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AD15038-420D-456C-9E46-1F68730D5294", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3E8C687-7999-4FC9-B6F0-8235808B2113", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_7810:-:*:*:*:*:*:*:*", "matchCriteriaId": "E297EC07-ACD9-44CB-A52E-E8D77F1AB3B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_7840:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A3BC204-ED15-4F07-A493-D688A02E2AF4", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_g620:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3C167A2-3A1D-4A7C-8BB0-E923F774DAE2", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_g630:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CBE84E8-4D66-4CE7-B6D9-F67F92014C5C", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_x6-4_director:-:*:*:*:*:*:*:*", "matchCriteriaId": "03D3425B-AADB-4507-9D9D-907BD49359B0", "vulnerable": false}, {"criteria": "cpe:2.3:h:broadcom:brocade_x6-8_director:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FF27302-C9A5-4C62-B97D-BFEDAE2F9F5E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A924BA8-278D-42F8-9A38-AE1087384629", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Brocade Fabric OS (FOS) hardware \nplatforms running any version of Brocade Fabric OS software, which \nsupports the license string format; contain cryptographic \nissues that could allow for the installation of forged or fraudulent \nlicense keys. This would allow attackers or a malicious party to forge a\n counterfeit license key that the Brocade Fabric OS platform would \nauthenticate and activate as if it were a legitimate license key. \n\n\n\n"}, {"lang": "es", "value": "Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versi\u00f3n del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptogr\u00e1ficos que podr\u00edan permitir la instalaci\u00f3n de claves de licencia falsificadas o fraudulentas. Esto permitir\u00eda a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticar\u00eda y activar\u00eda como si fuera una clave de licencia leg\u00edtima."}], "id": "CVE-2021-27795", "lastModified": "2023-12-11T19:44:39.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "sirt@brocade.com", "type": "Secondary"}]}, "published": "2023-12-06T02:15:06.573", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "sirt@brocade.com", "type": "Secondary"}]}