Main Vulnerability Database SB2022080306

SB2022080306 - Path traversal in HPE B-series Fibre Channel SAN Switch Brocade Fabric OS (FOS)

Published: August 3, 2022

Security Bulletin ID SB2022080306

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2021-27798)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A local user with “user” or “factory” privileges can list the entirety of the filesystem utilizing the “more” binary and tab-completion.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04353en_us"
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04353en_us</a><br><br></p>