A vulnerability classified as problematic has been found in Brocade Fabric OS. Affected is an unknown code block of the component HTTP Management Interface. The manipulation with an unknown input leads to a cross site scripting vulnerability (Reflected). CWE is classifying the issue as CWE-80. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. This is going to have an impact on integrity. CVE summarizes:

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user&acirc;&euro;&trade;s session and take over the account.

The weakness was shared 09/25/2020 (Website). The advisory is shared for download at broadcom.com. This vulnerability is traded as CVE-2018-6447 since 01/31/2018. It is possible to launch the attack remotely. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1059.007.

Upgrading to version 7.4.2g, 8.1.2k, 8.2.0_CBN3, 8.2.1e, 8.2.2c or 9.0.0 eliminates this vulnerability.

The entries 161966 and 161965 are related to this item.

Productinfo

Vendor

• Brocade

Name

• Fabric OS

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion