Brocade Fabric OS Vulnerabilities
Brocade Fabric OS Vulnerabilities
Brocade Fabric OS Vulnerabilities
Lenovo Security Advisory: LEN-79718
Potential Impact: Information disclosure, hard-coded credentials
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2021-27796, CVE-2021-27797
Summary Description:
The following vulnerabilities were reported in Brocade Fabric OS.
CVE-2021-27796: Brocade reported a vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
CVE-2021-27797: Brocade reported that Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
Brocade details “Default Accounts” with default password “password” in the Brocade Fabric OS Administration guide. The Brocade Fabric OS Administration guide documents that a Brocade switch automatically prompts changing the default account passwords after logging in for the first time.
Mitigation Strategy for Customers (what you should do to protect yourself):
CVE-2021-27796: Brocade has provided Security update in Brocade Fabric OS versions Brocade Fabric OS v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d. Brocade recommends upgrading to these versions or later to receive the security update.
CVE-2021-27797: The enforcement of mandatory password change was effective in Brocade Fabric OS versions Brocade Fabric OS v.9.0.0, v8.2.1c, v8.1.2h, and higher versions. Brocade recommends upgrading to these versions or later to receive the security update.
Brocade Fabric OS: v7.4.1b and v7.3.1d have reached End of Availability (EOA) and are no longer supported. Brocade also recommends Customers run supported Brocade software versions.
To download the version specified for your product below, follow these steps:
Navigate to the Drivers & Software support site for your product:
- Lenovo Products (sold worldwide, except in China): https://support.lenovo.com/
- Lenovo Products (sold in China): https://newsupport.lenovo.com.cn/
- IBM-branded System x Legacy Products: https://www.ibm.com/support/fixcentral/
- Search for your product by name or machine type.
- Click Drivers & Software on the left menu panel.
- Click on Manual Update to browse by Component type.
- Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.
Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:
PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759
Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center
Click below links to view affected products:
References:
https://www.broadcom.com/support/fibre-channel-networking/security-advisories
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2022-03-08 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Product Impact:
Product | Component | CVE-2021-27796 | CVE-2021-27797 |
Brocade - 6505 FC SAN Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo - B300 FC SAN Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo - B6505 FC SAN Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo - B6510 FC SAN Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo ThinkSystem DB400D FC Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo ThinkSystem DB610S FC Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo ThinkSystem DB620S FC Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo ThinkSystem DB630S FC Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo ThinkSystem DB720S FC Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Lenovo ThinkSystem DB800D FC Switch | Brocade FOS | v9.0.0, v8.0.1b, v7.4.2, v8.0.2, v7.4.1d | v.9.0.0, v8.2.1c, v8.1.2h |
Your feedback helps to improve the overall experience