Vulnerability identifier: #VU10448

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6227

CWE-ID: CWE-400

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Brocade Fabric OS
Operating systems & Components / Operating system

Vendor: Brocade

Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to improper handling of Router Advertisement messages. An adjacent attacker can send specially crafted RA messages, consume excessive amounts of CPU resources and cause the system to hang.

Mitigation
Update to versions 7.4.2b, 8.1.2, 8.2.0.

Vulnerable software versions

Brocade Fabric OS: 7.4.0 - 7.4.2, 8.1.0 - 8.1.1

---

External links
http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-526.htm

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.