CVE-2020-15387

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.

Published: Jun 9, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-15387
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
broadcom / brocade_sannav	-	2.1.1
broadcom / fabric_operating_system	8.2.0	8.2.1
broadcom / fabric_operating_system	-	7.4.2
broadcom / fabric_operating_system	7.4.2g	7.4.2g.x
broadcom / fabric_operating_system	7.4.2f	7.4.2f.x
broadcom / fabric_operating_system	7.4.2d	7.4.2d.x
broadcom / fabric_operating_system	7.4.2c	7.4.2c.x
broadcom / fabric_operating_system	7.4.2b	7.4.2b.x
broadcom / fabric_operating_system	7.4.2a	7.4.2a.x
broadcom / fabric_operating_system	7.4.2	7.4.2.x
broadcom / fabric_operating_system	8.2.1b	8.2.1b.x
broadcom / fabric_operating_system	8.2.1a	8.2.1a.x
broadcom / fabric_operating_system	8.2.1	8.2.1.x

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291

Vulnerability Database

289,871

CVE-2020-15387