CVE-2020-15376

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
brocadeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
broadcomfabric_operating_system
8.1.0 ≤
𝑥
< 9.0.0
𝑥
= Vulnerable software versions
References
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158