PT-2022-5198 · Brocade · Brocade Fabric OS

Published: 2022-09-13 · Updated: 2023-03-02 · CVE-2022-33179

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Brocade Fabric OS versions prior to 9.1.0
Brocade Fabric OS versions prior to 9.0.1e
Brocade Fabric OS versions prior to 8.2.3c
Brocade Fabric OS versions prior to 7.4.2j

Description

A vulnerability in Brocade Fabric OS CLI could allow a local authenticated user to break out of restricted shells and escalate privileges. The issue is related to insufficient access restrictions. An attacker can exploit this vulnerability using commands such as supportlink, firmwaredownload, portcfgupload, and fosexec. The vulnerability can be exploited with the set context command.

Recommendations

For Brocade Fabric OS versions prior to 9.1.0, update to version 9.1.0 or later.
For Brocade Fabric OS versions prior to 9.0.1e, update to version 9.0.1e or later.
For Brocade Fabric OS versions prior to 8.2.3c, update to version 8.2.3c or later.
For Brocade Fabric OS versions prior to 7.4.2j, update to version 7.4.2j or later.

As a temporary workaround, consider restricting access to the supportlink, firmwaredownload, portcfgupload, and fosexec commands until a patch is available. Avoid using the set context command in restricted shells until the issue is resolved.

Related Identifiers

BDU:2022-06455
CVE-2022-33179

Affected Products

Brocade Fabric OS