CVE-2021-27795: License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
First published: Wed Dec 06 2023(Updated: )
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Broadcom Fabric Operating System | ||
| Any of | ||
| Broadcom Brocade 300 | ||
| Broadcom Brocade 610 | ||
| Broadcom Brocade 6505 | ||
| Broadcom Brocade 6510 | ||
| Broadcom Brocade 6520 | ||
| Broadcom Brocade 7800 | ||
| Broadcom Brocade 7810 | ||
| Broadcom Brocade 7840 | ||
| Broadcom Brocade G620 | ||
| Broadcom Brocade G630 | ||
| Broadcom Brocade X6-4 Director | ||
| Broadcom Brocade X6-8 Director |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-27795?
CVE-2021-27795 has been assessed to have a high severity due to its potential for exploitation by attackers to forge license keys.
How do I fix CVE-2021-27795?
To fix CVE-2021-27795, please ensure that you update your Brocade Fabric OS software to the latest version provided by Broadcom.
What are the potential risks associated with CVE-2021-27795?
The risks associated with CVE-2021-27795 include the installation of unauthorized licenses, leading to unauthorized access to systems and services.
Which devices are affected by CVE-2021-27795?
Devices running any version of Brocade Fabric OS that support the license string format are affected by CVE-2021-27795.
Is there a workaround for CVE-2021-27795?
Currently, there is no documented workaround for CVE-2021-27795 other than applying the necessary software updates.
- collector/nvd-api
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/tags
- agent/source
- vendor/broadcom
- canonical/broadcom fabric operating system
- canonical/broadcom brocade 300
- canonical/broadcom brocade 610
- canonical/broadcom brocade 6505
- canonical/broadcom brocade 6510
- canonical/broadcom brocade 6520
- canonical/broadcom brocade 7800
- canonical/broadcom brocade 7810
- canonical/broadcom brocade 7840
- canonical/broadcom brocade g620
- canonical/broadcom brocade g630
- canonical/broadcom brocade x6-4 director
- canonical/broadcom brocade x6-8 director