#VU10448 Resource exhaustion in Brocade Fabric OS - CVE-2017-6227

Cybersecurity Help s.r.o.

Published: 2018-02-12

Vulnerability identifier: #VU10448

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6227

CWE-ID: CWE-400

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Brocade Fabric OS
Operating systems & Components / Operating system

Vendor: Brocade

Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to improper handling of Router Advertisement messages. An adjacent attacker can send specially crafted RA messages, consume excessive amounts of CPU resources and cause the system to hang.

Mitigation
Update to versions 7.4.2b, 8.1.2, 8.2.0.

Vulnerable software versions

Brocade Fabric OS: 7.4.0 - 7.4.2, 8.1.0 - 8.1.1

External links
https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-526.htm

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource exhaustion in IBM FOS Firmware

Multiple vulnerabilities in Brocade Fabric OS