CVE-2020-15372 - Vulnerability Details

Vendors	Products
Broadcom	Fabric Operating System

Link	Providers
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Brocade Fabric OS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging."}], "problemTypes": [{"descriptions": [{"description": "privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-25T13:10:40", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2020-15372", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brocade Fabric OS", "version": {"version_data": [{"version_value": "Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081", "refsource": "MISC", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:20.117Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"}]}]}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2020-15372", "datePublished": "2020-09-25T13:10:40", "dateReserved": "2020-06-29T00:00:00", "dateUpdated": "2024-08-04T13:15:20.117Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Brocade Fabric OS (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : privilege escalation (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-09-25T13:10:40 (string)

orgId : 87b297d7-335e-4844-9551-11b97995a791 (string)

shortName : brocade (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : sirt@brocade.com (string)

ID : CVE-2020-15372 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Brocade Fabric OS (string)

version : { »

version_data : [ »

0 : { »

version_value : Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : privilege escalation (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081 (string)

refsource : MISC (string)

url : https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T13:15:20.117Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 87b297d7-335e-4844-9551-11b97995a791 (string)

assignerShortName : brocade (string)

cveId : CVE-2020-15372 (string)

datePublished : 2020-09-25T13:10:40 (string)

dateReserved : 2020-06-29T00:00:00 (string)

dateUpdated : 2024-08-04T13:15:20.117Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "202112E1-F1FD-4791-A971-EDA4F0C32A38", "versionEndExcluding": "7.4.2g", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "404CA92A-BC25-42D7-96F8-30591370BF7B", "versionEndExcluding": "8.1.2k", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "387750C5-34B6-49FA-8540-6CF4D26AB286", "versionEndExcluding": "8.2.0_cbn3", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E3639FD-394B-42E2-861C-3BD355CE58A4", "versionEndExcluding": "8.2.1e", "versionStartIncluding": "8.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A75FE20-2D64-4414-9CB2-7839E95BBC7A", "versionEndExcluding": "8.2.2a1", "versionStartIncluding": "8.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "03504386-654D-47A0-B406-A94B0EE5D351", "versionEndExcluding": "8.2.2c", "versionStartIncluding": "8.2.2b", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de l\u00ednea de comandos en Brocade Fabric OS antes de Brocade Fabric OS versiones v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, podr\u00eda permitir a un atacante autenticado local modificar las variables de shell, lo que puede conllevar a una escalada de privilegios o una omisi\u00f3n del registro"}], "id": "CVE-2020-15372", "lastModified": "2024-11-21T05:05:26.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-25T14:15:13.657", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-913"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 202112E1-F1FD-4791-A971-EDA4F0C32A38 (string)

versionEndExcluding : 7.4.2g (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 404CA92A-BC25-42D7-96F8-30591370BF7B (string)

versionEndExcluding : 8.1.2k (string)

versionStartIncluding : 8.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 387750C5-34B6-49FA-8540-6CF4D26AB286 (string)

versionEndExcluding : 8.2.0_cbn3 (string)

versionStartIncluding : 8.2.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6E3639FD-394B-42E2-861C-3BD355CE58A4 (string)

versionEndExcluding : 8.2.1e (string)

versionStartIncluding : 8.2.1 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A75FE20-2D64-4414-9CB2-7839E95BBC7A (string)

versionEndExcluding : 8.2.2a1 (string)

versionStartIncluding : 8.2.2 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 03504386-654D-47A0-B406-A94B0EE5D351 (string)

versionEndExcluding : 8.2.2c (string)

versionStartIncluding : 8.2.2b (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en la interfaz de línea de comandos en Brocade Fabric OS antes de Brocade Fabric OS versiones v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, podría permitir a un atacante autenticado local modificar las variables de shell, lo que puede conllevar a una escalada de privilegios o una omisión del registro (string)

}

]

id : CVE-2020-15372 (string)

lastModified : 2024-11-21T05:05:26.143 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-09-25T14:15:13.657 (string)

references : [ »

0 : { »

source : sirt@brocade.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-1081 (string)

}

]

sourceIdentifier : sirt@brocade.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-913 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object