Vulnerability Details : CVE-2020-15387
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications.
Published
2021-06-09 16:15:08
Updated
2021-08-23 14:47:23
Products affected by CVE-2020-15387
- cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:7.4.2a:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:7.4.2b:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:7.4.2c:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:7.4.2d:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:7.4.2f:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:7.4.2g:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:8.2.1a:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:fabric_operating_system:8.2.1b:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15387
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15387
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST | |
|
7.4
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
2.2
|
5.2
|
NIST |
CWE ids for CVE-2020-15387
-
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-15387
-
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1291
Broadcom Inc. | Connecting EverythingVendor Advisory
Jump to