[VIM] CVE-2013-6810 / EMC / HP issue is actually Brocade

Christey, Steven M. coley at mitre.org
Wed Jan 29 11:58:29 CST 2014


CVE-2013-6810 was originally published in EMC advisory ESA-2013-089 and HP's HPSBHF02953.  We have received confirmation that this issue is actually due to a third-party product, produced by Brocade.   However, there are no publicly-accessible advisories from that vendor.

A Brocade representative has provided CVE with the following information for publication.

- Steve


Affected Products : Brocade Network Advisor 11.2.x, 11.3.x, 12.0.x

Corrected in: Brocade Network Advisor 12.1.0 and later releases

Vulnerable installation conditions : Default installations exposed to external access

Non-vulnerable installation conditions : Brocade Network Advisor server isolated from external networks using strict firewall rules only allowing who can interact with Brocade Network Advisor server.

Description : Brocade Network Advisor Server is vulnerable to remote attacks which can transfer and execute arbitrary code.

CVE Identifier: CVE-2013-6810		

CVSSv2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)		

Discovered by: Andrea Micalizzi aka rgod with Zero Day Initiative

Disclosure date : 12/2/2013

Disclosure coordinated with discoverer and Brocade partners.

More information about the VIM mailing list