CVE-2020-15376

EUVD-2020-7371
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
broadcomfabric_operating_system
8.1.0 ≤
𝑥
< 9.0.0
𝑥
= Vulnerable software versions
References
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1158