Support Content Notification - Support Portal

BSA-2022-1979

Product/Component

Brocade SANnav

1 more products

Notification Id

21283

Last Updated

22 June 2022

Initial Publication Date

22 June 2022

Status

Closed

Severity

High

CVSS Base Score

Base Score: 8.5 HIGH - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

WorkAround

N/A

Affected CVE

CVE-2022-28168

Summary

Security Advisory ID : BSA-2022-1979

Component : Encryption

Revision : 1.0

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.

Affected Products

Brocade SANnav versions before v2.2.0.2 and v2.1.1.8

Products Confirmed Not Vulnerable

Brocade Fabric OS
Brocade ASCG

No other Brocade Fibre Channel Products from Broadcom are affected by this vulnerability.

Solution

A security update has been provided in Brocade SANnav v2.2.0.2, Brocade SANnav v2.1.1.8, and upper Brocade SANnav releases.

Credit

The issue was discovered during internal testing

Revision History

Version	Change	Date
1.0	Initial Publication	June 22, 2022