CVE-2020-15387

HIGH

Brocade Fabric OS <7.4.2h,v8.2.1c,v8.2.2,v9.0.0 - Info Disclosure

Title source: llm

Description

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291

Scores

CVSS v3 7.4

EPSS 0.0049

EPSS Percentile 38.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-326

Status published

Products (12)

broadcom/brocade_sannav < 2.1.1

broadcom/fabric_operating_system 7.4.2

broadcom/fabric_operating_system 7.4.2a

broadcom/fabric_operating_system 7.4.2b

broadcom/fabric_operating_system 7.4.2c

broadcom/fabric_operating_system 7.4.2d

broadcom/fabric_operating_system 7.4.2f

broadcom/fabric_operating_system 7.4.2g

broadcom/fabric_operating_system 8.2.1

broadcom/fabric_operating_system 8.2.1a

... and 2 more

Published Jun 09, 2021

Tracked Since Feb 18, 2026