Support Content Notification - Support Portal

BSA-2017-258

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21494

Last Updated

02 May 2017

Initial Publication Date

02 May 2017

Status

Closed

Severity

Medium

CVSS Base Score

5.9

WorkAround

N/A

Affected CVE

CVE-2017-3730

Summary
Security Advisory ID : BSA-2017-258
Component : ECDHE Parameters
Revision : 1.0: Interim

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer<br>leading to a client crash. This could be exploited in a Denial of Service attack.

Affected Products

Product	Current Assessment
Brocade Services Director	Impacted: Fixed in 2.3r1 and later.

Products Confirmed Not Vulnerable

Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network OS, Brocade ServerIronADX, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	May 2, 2017

Summary Security Advisory ID : BSA-2017-258 Component : ECDHE Parameters Revision : 1.0: Interim

Revision History

Summary
Security Advisory ID : BSA-2017-258
Component : ECDHE Parameters
Revision : 1.0: Interim