CVE-2020-15387: Weak Encryption
First published: Wed Jun 09 2021(Updated: )
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Brocade SANnav | <2.1.1 | |
| broadcom fabric operating system | <7.4.2 | |
| broadcom fabric operating system | >=8.2.0<8.2.1 | |
| broadcom fabric operating system | =7.4.2 | |
| broadcom fabric operating system | =7.4.2a | |
| broadcom fabric operating system | =7.4.2b | |
| broadcom fabric operating system | =7.4.2c | |
| broadcom fabric operating system | =7.4.2d | |
| broadcom fabric operating system | =7.4.2f | |
| broadcom fabric operating system | =7.4.2g | |
| broadcom fabric operating system | =8.2.1 | |
| broadcom fabric operating system | =8.2.1a | |
| broadcom fabric operating system | =8.2.1b |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-15387?
CVE-2020-15387 is a vulnerability in the host SSH servers of Brocade Fabric OS and Brocade SANnav that allows for insecure SSH communications and man-in-the-middle attacks.
Which software versions are affected by CVE-2020-15387?
CVE-2020-15387 affects Brocade Fabric OS versions before v7.4.2h, v8.2.1c, v8.2.2, and v9.0.0, as well as Brocade SANnav before v2.1.1.
How severe is CVE-2020-15387?
CVE-2020-15387 is classified as high severity with a severity value of 7.4.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-15387?
The CWE ID for CVE-2020-15387 is CWE-326.
How can I fix CVE-2020-15387?
To fix CVE-2020-15387, you should update Brocade Fabric OS to version v7.4.2h, v8.2.1c, v8.2.2, or v9.0.0, and update Brocade SANnav to version v2.1.1 or higher.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/broadcom
- canonical/brocade sannav
- canonical/broadcom fabric operating system
- version/broadcom fabric operating system/8.2.0
- version/broadcom fabric operating system/7.4.2
- version/broadcom fabric operating system/7.4.2a
- version/broadcom fabric operating system/7.4.2b
- version/broadcom fabric operating system/7.4.2c
- version/broadcom fabric operating system/7.4.2d
- version/broadcom fabric operating system/7.4.2f
- version/broadcom fabric operating system/7.4.2g
- version/broadcom fabric operating system/8.2.1
- version/broadcom fabric operating system/8.2.1a
- version/broadcom fabric operating system/8.2.1b