Description
The function used to parse the Authentication header in the Brocade Fabric OS web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request that could bypass the authentication process.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1491
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210819-0002/
Scores
CVSS v3
5.4
EPSS
0.0037
EPSS Percentile
58.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-125
Status
published
Products (1)
broadcom/fabric_operating_system
8.2.1 - 8.2.3a
Published
Aug 12, 2021
Tracked Since
Feb 18, 2026