Main Vulnerability Database SB2023010605

SB2023010605 - Path traversal in Dell Connectrix (Brocade)

Published: January 6, 2023

Security Bulletin ID SB2023010605

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2021-27798)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A local user with “user” or “factory” privileges can list the entirety of the filesystem utilizing the “more” binary and tab-completion.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000206397/dsa-2022-334-dell-connectrix-brocade-security-update-for-a-privileged-directory-traversal-vulnerability