CVE-2020-15369

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

Published: Sep 25, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15369
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-521

Affected Software
References

Software	From	Fixed in
broadcom / fabric_operating_system	8.2.2	8.2.2.x
broadcom / fabric_operating_system	8.2.2a	8.2.2a.x
broadcom / fabric_operating_system	8.2.1c	8.2.1c.x
broadcom / fabric_operating_system	8.2.1b	8.2.1b.x
broadcom / fabric_operating_system	8.2.1a	8.2.1a.x
broadcom / fabric_operating_system	8.2.1	8.2.1.x
broadcom / fabric_operating_system	8.2.2b	8.2.2b.x
broadcom / fabric_operating_system	8.2.2a1	8.2.2a1.x
broadcom / fabric_operating_system	8.2.1d	8.2.1d.x

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1078

Vulnerability Database

289,871

CVE-2020-15369