PT-2022-3072 · Brocade · Brocade Sannav
Published: 2022-06-22 · Updated: 2023-08-08 · CVE-2022-28166
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Brocade SANnav versions prior to 2.1.1.8
Brocade SANnav versions prior to SANN2.2.0.2
Description
The issue is related to the implementation of TLS/SSL Server in the Brocade SANnav software, which supports the use of static key ciphers on ports 443 and 18082. This could allow a remote attacker to elevate their privileges.
Recommendations
For Brocade SANnav versions prior to 2.1.1.8, update to version 2.1.1.8 or later.
For Brocade SANnav versions prior to SANN2.2.0.2, update to version SANN2.2.0.2 or later.
As a temporary workaround, consider disabling the use of static key ciphers on ports 443 and 18082 until a patch is available.
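One way to confirm that static key ciphers are really off on ports 443 and 18082, as an added example (not code from the advisory or from Brocade): the script offers only static RSA key-exchange suites over TLS 1.2 and reports whether the server completes the handshake. The function names and the constructed sample list are assumptions of this example.

```python
import socket
import ssl
import sys
from typing import Iterable, List, Optional

PORTS = (443, 18082)  # the two ports named in the advisory
# First token of OpenSSL suite names whose key exchange is ephemeral.
# Anonymous DH (ADH/AECDH) is ephemeral too; its missing authentication is a separate finding.
EPHEMERAL_PREFIXES = {"ECDHE", "DHE", "EDH", "ADH", "AECDH"}

def key_exchange(openssl_name: str) -> str:
    """Classify an OpenSSL suite name: 'ephemeral', or 'static' (no ephemeral key exchange)."""
    name = openssl_name.upper()
    if name.startswith("TLS_"):  # TLS 1.3 suite names; TLS 1.3 removed static RSA/DH
        return "ephemeral"
    return "ephemeral" if name.split("-")[0] in EPHEMERAL_PREFIXES else "static"

def static_suites(names: Iterable[str]) -> List[str]:
    """Return the suites from a scanner's output that lack an ephemeral key exchange."""
    return [n for n in names if key_exchange(n) == "static"]

def accepts_static_rsa(host: str, port: int, timeout: float = 5.0) -> Optional[str]:
    """Offer only static RSA suites; return the negotiated suite, or None if refused.
    Connection errors (closed port, timeout) propagate so they are not read as 'refused'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # auditing cipher configuration, not server identity
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("kRSA")             # raises ssl.SSLError if the local OpenSSL has none
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
        except (ssl.SSLError, ConnectionResetError):
            return None

# Constructed sample: suite names as a TLS scanner might list them for one port.
SAMPLE = ["ECDHE-RSA-AES256-GCM-SHA384", "AES256-GCM-SHA384",
          "TLS_AES_128_GCM_SHA256", "AES128-SHA", "DHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    print("static suites in sample:", static_suites(SAMPLE))
    if len(sys.argv) > 1:               # usage: script.py <sannav-host>
        for port in PORTS:
            suite = accepts_static_rsa(sys.argv[1], port)
            print(port, f"accepts static RSA ({suite})" if suite else "refuses static RSA")
```

A `None` result on both ports after the update or workaround means the server no longer negotiates static RSA suites with this client.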
Fix
Use of a Broken Cryptographic Algorithm
Using Hardcoded Credentials
Affected Products
Brocade Sannav