PT-2022-5071 · Brocade · Brocade Fabric Os
Published
2022-09-13
·
Updated
2023-03-02
·
CVE-2022-33180
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Brocade Fabric OS versions prior to 9.1.0
Brocade Fabric OS versions prior to 9.0.1e
Brocade Fabric OS versions prior to 8.2.3c
Brocade Fabric OS versions prior to 8.2.0cbn5
Description
A vulnerability in the Brocade Fabric OS CLI could allow a local authenticated attacker to export sensitive files. The issue is related to information disclosure and can be exploited using the
seccryptocfg and configupload commands.Recommendations
For Brocade Fabric OS versions prior to 9.1.0, update to version 9.1.0 or later.
For Brocade Fabric OS versions prior to 9.0.1e, update to version 9.0.1e or later.
For Brocade Fabric OS versions prior to 8.2.3c, update to version 8.2.3c or later.
For Brocade Fabric OS versions prior to 8.2.0cbn5, update to version 8.2.0cbn5 or later.
As a temporary workaround, consider restricting the use of the
seccryptocfg and configupload commands until a patch is available.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Fabric Os