Support Content Notification - Support Portal

BSA-2022-1977

Product/Component

Brocade SANnav

1 more products

Notification Id

21282

Last Updated

22 June 2022

Initial Publication Date

22 June 2022

Status

Closed

Severity

High

CVSS Base Score

Base Score: 7.5 HIGH - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WorkAround

N/A

Affected CVE

CVE-2022-28166

Summary

Security Advisory ID : BSA-2022-1977

Component : TLS/SSL

Revision : 1.0

In Brocade SANnav versions before v2.2.0.2, and v2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.

Affected Products

Brocade SANnav versions before v2.2.0.2 and v2.1.1.8 on port 443 & 18082

Products Confirmed Not Vulnerable

Brocade Fabric OS
Brocade ASCG

No other Brocade Fibre Channel Products from Broadcom are affected by this vulnerability.

Solution

A security update has been provided in Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 on ports 443 & 18082, and upper Brocade SANnav releases.

Credit

The issue was discovered during internal testing

Revision History

Version	Change	Date
1.0	Initial Publication	June 22, 2022