PT-2022-5069 · Brocade · Brocade Fabric Os
Published
2022-09-13
·
Updated
2023-03-02
·
CVE-2022-28170
CVSS v3.1
6.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Brocade Fabric OS versions prior to 9.1.0
Brocade Fabric OS versions prior to 9.0.1e
Brocade Fabric OS versions prior to 8.2.3c
Brocade Fabric OS versions prior to 7.4.2j
Description
The issue is related to the storage of critical information in an unencrypted manner. This could allow an attacker to gain unauthorized access to protected information. Specifically, server and user passwords are stored in debug statements, which could be extracted by a local user from a debug file.
Recommendations
For versions prior to 9.1.0, update to version 9.1.0 or later to resolve the issue.
For versions prior to 9.0.1e, update to version 9.0.1e or later to resolve the issue.
For versions prior to 8.2.3c, update to version 8.2.3c or later to resolve the issue.
For versions prior to 7.4.2j, update to version 7.4.2j or later to resolve the issue.
As a temporary workaround, consider restricting access to debug files to minimize the risk of exploitation.
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Brocade Fabric Os