ID

VAR-201802-0640


CVE

CVE-2017-6225


TITLE

Brocade Fabric OS vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-012605

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. Brocade Fabric OS (FOS) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Brocade Fibre Channel SAN products are Brocade switches, and Brocade Fabric OS (FOS) is the embedded system running on them. Cross-site scripting vulnerabilities exist in the web-based management interfaces of Brocade Fibre Channel SAN products prior to Brocade FOS 7.4.2b, pre-8.1.2, and pre-8.0. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Broadcom Brocade Fabric OS versions prior to 7.4.2b, 8.1.2 and 8.2.0 are vulnerable.

Trust: 2.43

sources: NVD: CVE-2017-6225 // JVNDB: JVNDB-2017-012605 // CNVD: CNVD-2018-06323 // BID: 107051

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06323

AFFECTED PRODUCTS

vendor: brocade, model: fabric os, scope: eq, version: 8.1.0c1

Trust: 1.6

vendor: brocade, model: fabric os, scope: eq, version: 8.0.1b1

Trust: 1.6

vendor: brocade, model: fabric os, scope: eq, version: 8.0.2b1

Trust: 1.6

vendor: broadcom, model: fabric operating system, scope: lt, version: 7.4.2b

Trust: 1.0

vendor: broadcom, model: fabric operating system, scope: eq, version: 8.0.2

Trust: 1.0

vendor: broadcom, model: fabric operating system, scope: eq, version: 8.1.1

Trust: 1.0

vendor: brocade, model: fabric os, scope: -, version: -

Trust: 0.8

vendor: brocade, model: fibre channel san <7.4.2b, scope: -, version: -

Trust: 0.6

vendor: brocade, model: fibre channel san, scope: lt, version: 8.1.2

Trust: 0.6

vendor: brocade, model: fibre channel san, scope: lt, version: 8.2.0

Trust: 0.6

vendor: brocade, model: fabric os, scope: eq, version: 5.2.0

Trust: 0.6

vendor: brocade, model: fabric os, scope: eq, version: 8.0.2d

Trust: 0.6

vendor: brocade, model: fabric os, scope: eq, version: 8.1.1a

Trust: 0.6

vendor: brocade, model: fabric os, scope: eq, version: 3.1

Trust: 0.6

vendor: brocade, model: fabric os, scope: eq, version: 5.0.5b

Trust: 0.6

vendor: brocade, model: fabric os, scope: eq, version: 5.2.0a

Trust: 0.6

vendor: brocade, model: fabric os, scope: eq, version: 8.0.2c

Trust: 0.6

vendor: broadcom, model: brocade fabric os, scope: eq, version: 8.1.1

Trust: 0.3

vendor: broadcom, model: brocade fabric os, scope: eq, version: 7.4.2

Trust: 0.3

vendor: broadcom, model: brocade fabric os 7.4.2b, scope: -, version: -

Trust: 0.3

vendor: broadcom, model: brocade fabric os, scope: ne, version: 8.2

Trust: 0.3

vendor: broadcom, model: brocade fabric os, scope: ne, version: 8.1.2

Trust: 0.3

vendor: broadcom, model: brocade fabric os 7.4.2c, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2018-06323 // BID: 107051 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6225
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6225
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-06323
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-253
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2017-6225
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06323
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2017-6225
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06323 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-012605 // NVD: CVE-2017-6225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-253

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201802-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012605

PATCH

title: BSA-2018-525, url: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525

Trust: 0.8

title: Patch for Brocade Fibre Channel SAN product Brocade Fabric OS cross-site scripting vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/123361

Trust: 0.6

title: Brocade Fibre Channel SAN product Brocade Fabric OS Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78367

Trust: 0.6

sources: CNVD: CNVD-2018-06323 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253

EXTERNAL IDS

db: NVD, id: CVE-2017-6225

Trust: 3.3

db: JVNDB, id: JVNDB-2017-012605

Trust: 0.8

db: CNVD, id: CNVD-2018-06323

Trust: 0.6

db: CNNVD, id: CNNVD-201802-253

Trust: 0.6

db: BID, id: 107051

Trust: 0.3

sources: CNVD: CNVD-2018-06323 // BID: 107051 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

REFERENCES

url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525

Trust: 1.3

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03851en_us

Trust: 1.3

url:http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-525.htm

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6225

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6225

Trust: 0.8

url:http://www.broadcom.com/

Trust: 0.3

sources: CNVD: CNVD-2018-06323 // BID: 107051 // JVNDB: JVNDB-2017-012605 // CNNVD: CNNVD-201802-253 // NVD: CVE-2017-6225

CREDITS

Pawel Gocyla and Matt Byrne.

Trust: 0.3

sources: BID: 107051

SOURCES

db: CNVD, id: CNVD-2018-06323
db: BID, id: 107051
db: JVNDB, id: JVNDB-2017-012605
db: CNNVD, id: CNNVD-201802-253
db: NVD, id: CVE-2017-6225

LAST UPDATE DATE

2024-08-14T14:26:53.223000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-06323, date: 2018-03-26T00:00:00
db: BID, id: 107051, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2017-012605, date: 2018-03-26T00:00:00
db: CNNVD, id: CNNVD-201802-253, date: 2018-02-12T00:00:00
db: NVD, id: CVE-2017-6225, date: 2021-06-22T15:20:21.983

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-06323, date: 2018-03-26T00:00:00
db: BID, id: 107051, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2017-012605, date: 2018-03-26T00:00:00
db: CNNVD, id: CNNVD-201802-253, date: 2018-02-08T00:00:00
db: NVD, id: CVE-2017-6225, date: 2018-02-08T22:29:00.207