CVE-2021-27794

7.8 HIGH

📋 TL;DR

This authentication bypass vulnerability in Brocade Fabric OS allows attackers to log in with empty or invalid passwords via telnet, SSH, and REST interfaces. It affects Brocade SAN switches running vulnerable Fabric OS versions, potentially granting unauthorized access to network storage infrastructure.

💻 Affected Systems

Products:
  • Brocade SAN switches running Fabric OS
Versions: All versions before Fabric OS v9.0.1a, v8.2.3a, and v7.4.2h
Operating Systems: Fabric OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects telnet, SSH, and REST authentication interfaces. Requires these services to be enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of SAN infrastructure, allowing data theft, destruction, or ransomware deployment across connected storage systems.

🟠 Likely Case

Unauthorized access to SAN switches enabling configuration changes, network disruption, or lateral movement to connected systems.

🟢 If Mitigated

Limited impact if strong network segmentation, access controls, and monitoring prevent exploitation attempts.

🌐 Internet-Facing: HIGH if vulnerable interfaces are exposed to the internet, as authentication bypass requires no credentials.
🏢 Internal Only: HIGH due to potential for internal attackers or compromised systems to gain unauthorized access to critical storage infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple authentication bypass requiring only network access to vulnerable services. No special tools or knowledge needed beyond basic telnet/SSH clients.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fabric OS v9.0.1a, v8.2.3a, or v7.4.2h depending on version track

Vendor Advisory: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1552

Restart Required: Yes

Instructions:

1. Download appropriate patch from Broadcom support portal.
2. Backup switch configuration.
3. Apply firmware update following vendor documentation.
4. Reboot switch.
5. Verify successful update and functionality.

🔧 Temporary Workarounds

Disable vulnerable services

all

Disable telnet, SSH, and REST interfaces if not required for operations

telnet disable
ssh disable
rest disable

Implement network access controls

all

Restrict access to management interfaces using firewall rules or VLAN segmentation

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SAN management interfaces from untrusted networks
  • Enable detailed logging and monitoring for authentication attempts on telnet, SSH, and REST interfaces

🔍 How to Verify

Check if Vulnerable:

Check Fabric OS version with 'version' command and compare to patched versions. Test authentication with empty password via telnet/SSH.

Check Version:

version

Verify Fix Applied:

Verify version is v9.0.1a, v8.2.3a, or v7.4.2h or later. Test that empty/invalid passwords are rejected.
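
The version comparison described above, as an added example (not code from Broadcom or from this page): it parses a bare version string or the output of `version` and compares it with the fixed release of the same major track. The sample output is constructed, and mapping each major version to a single fixed release is an assumption drawn from the three releases listed here.

```python
import re

# Fixed release per major version track, as listed on this page.
FIXED = {9: "v9.0.1a", 8: "v8.2.3a", 7: "v7.4.2h"}

# vMAJOR.MINOR.MAINT, optional patch letter, optional trailing patch number.
_VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)", re.IGNORECASE)

# Constructed sample of `version` output; the exact layout is an assumption.
SAMPLE_OUTPUT = """\
Kernel:     2.6.34.6
Fabric OS:  v8.2.2d
BootProm:   3.0.1
"""


def parse_fos_version(text):
    """Return (major, minor, maint, letter, number) for the first 'vX.Y.Z[a][n]' in text."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Fabric OS version found in {text!r}")
    major, minor, maint, letter, number = m.groups()
    # '' sorts before 'a', so v8.2.3 < v8.2.3a < v8.2.3a1 < v8.2.3b.
    return (int(major), int(minor), int(maint), letter.lower(), int(number or 0))


def check(text):
    """Return 'fixed' or 'vulnerable' for a version string or `version` output."""
    ver = parse_fos_version(text)
    major = ver[0]
    if major > max(FIXED):
        return "fixed"       # assumption: later major tracks include the fix
    if major < min(FIXED):
        return "vulnerable"  # older than every fixed release listed
    return "fixed" if ver >= parse_fos_version(FIXED[major]) else "vulnerable"


if __name__ == "__main__":
    print(parse_fos_version(SAMPLE_OUTPUT), check(SAMPLE_OUTPUT))
    for v in ("v9.0.1", "v9.0.1a", "v8.2.3a1", "v7.4.2g", "v6.4.3h"):
        print(v, check(v))
```

A release with no patch letter (for example v9.0.1) sorts below the lettered fix and is reported as vulnerable; confirm any borderline result against the vendor advisory.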

📡 Detection & Monitoring

Log Indicators:

  • Successful logins with empty username/password fields
  • Multiple failed authentication attempts followed by success
  • Logins from unexpected IP addresses

Network Indicators:

  • Telnet/SSH/REST connections to SAN switches from unauthorized sources
  • Authentication packets with empty credential fields

SIEM Query:

source="brocade-switch" AND (event="login" OR event="authentication") AND (user="" OR password="")
