Support Content Notification - Support Portal

BSA-2022-1840

Product/Component

Brocade SANnav

1 more products

Notification Id

21296

Last Updated

03 May 2022

Initial Publication Date

03 May 2022

Status

Closed

Severity

Medium

CVSS Base Score

5.0 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

WorkAround

N/A

Affected CVE

CVE-2022-28161

Summary

Security Advisory ID : BSA-2022-1840

Component : debug mode

Revision : 1.0

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

Affected Products.

Brocade SANnav - Fixed in Brocade SANnav 2.2.0

Product Confirmed Not Vulnerable

No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Credit

The issue was discovered in penetration testing.

Revision History

Version	Change	Date
1.0	Initial Publication	May 3, 2022