Details of VAR-201802-0640

ID

VAR-201802-0640

CVE

CVE-2017-6225

TITLE

Brocade Fabric OS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-012605

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. Brocade Fabric OS (FOS) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. BrocadeFibreChannelSANproducts are Brocade switches and BrocadeFabricOS (FOS) is an embedded system running on them. Cross-site scripting vulnerabilities exist in BrocadeFibreChannelSAN products prior to BrocadeFOS7.4.2b, pre-8.1.2, and pre-8.0. Web-based management interfaces. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Broadcom Brocade Fabric OS versions prior 7.4.2b, 8.1.2 and 8.2.0 are vulnerable

Trust: 2.43

sources: NVD: CVE-2017-6225 // JVNDB: JVNDB-2017-012605 // CNVD: CNVD-2018-06323 // BID: 107051

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-06323

AFFECTED PRODUCTS

vendor:	brocade	model:	fabric os	scope:	eq	version:	8.1.0c1	Trust: 1.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	8.0.1b1	Trust: 1.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	8.0.2b1	Trust: 1.6
vendor:	broadcom	model:	fabric operating system	scope:	lt	version:	7.4.2b	Trust: 1.0
vendor:	broadcom	model:	fabric operating system	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	broadcom	model:	fabric operating system	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	brocade	model:	fabric os	scope:	-	version:	-	Trust: 0.8
vendor:	brocade	model:	fibre channel san <7.4.2b	scope:	-	version:	-	Trust: 0.6
vendor:	brocade	model:	fibre channel san	scope:	lt	version:	8.1.2	Trust: 0.6
vendor:	brocade	model:	fibre channel san	scope:	lt	version:	8.2.0	Trust: 0.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	5.2.0	Trust: 0.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	8.0.2d	Trust: 0.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	8.1.1a	Trust: 0.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	3.1	Trust: 0.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	5.0.5b	Trust: 0.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	5.2.0a	Trust: 0.6
vendor:	brocade	model:	fabric os	scope:	eq	version:	8.0.2c	Trust: 0.6
vendor:	broadcom	model:	brocade fabric os	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	broadcom	model:	brocade fabric os	scope:	eq	version:	7.4.2	Trust: 0.3
vendor:	broadcom	model:	brocade fabric os 7.4.2b	scope:	-	version:	-	Trust: 0.3
vendor:	broadcom	model:	brocade fabric os	scope:	ne	version:	8.2	Trust: 0.3
vendor:	broadcom	model:	brocade fabric os	scope:	ne	version:	8.1.2	Trust: 0.3
vendor:	broadcom	model:	brocade fabric os 7.4.2c	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2018-06323 // BID: 107051 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6225
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6225
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-06323
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201802-253
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-6225
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-06323
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-6225
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-06323 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-012605 // NVD: CVE-2017-6225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-253

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201802-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012605

PATCH

title:	BSA-2018-525	url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525	Trust: 0.8
title:	Patch for BrocadeFibreChannelSAN product BrocadeFabricOS cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/123361	Trust: 0.6
title:	Brocade Fibre Channel SAN product Brocade Fabric OS Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78367	Trust: 0.6

sources: CNVD: CNVD-2018-06323 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6225	Trust: 3.3
db:	JVNDB	id:	JVNDB-2017-012605	Trust: 0.8
db:	CNVD	id:	CNVD-2018-06323	Trust: 0.6
db:	CNNVD	id:	CNNVD-201802-253	Trust: 0.6
db:	BID	id:	107051	Trust: 0.3

sources: CNVD: CNVD-2018-06323 // BID: 107051 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

REFERENCES

url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525	Trust: 1.3
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03851en_us	Trust: 1.3
url:	http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-525.htm	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6225	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6225	Trust: 0.8
url:	http://www.broadcom.com/	Trust: 0.3

sources: CNVD: CNVD-2018-06323 // BID: 107051 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

CREDITS

Pawel Gocyla and Matt Byrne.

Trust: 0.3

sources: BID: 107051

SOURCES

db:	CNVD	id:	CNVD-2018-06323
db:	BID	id:	107051
db:	JVNDB	id:	JVNDB-2017-012605
db:	CNNVD	id:	CNNVD-201802-253
db:	NVD	id:	CVE-2017-6225

LAST UPDATE DATE

2024-08-14T14:26:53.223000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-06323	date:	2018-03-26T00:00:00
db:	BID	id:	107051	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-012605	date:	2018-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201802-253	date:	2018-02-12T00:00:00
db:	NVD	id:	CVE-2017-6225	date:	2021-06-22T15:20:21.983

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-06323	date:	2018-03-26T00:00:00
db:	BID	id:	107051	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-012605	date:	2018-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201802-253	date:	2018-02-08T00:00:00
db:	NVD	id:	CVE-2017-6225	date:	2018-02-08T22:29:00.207