PT-2022-7034 · Brocade · Brocade Fabric OS

Omar Eissa · Published 2022-09-13 · Updated 2023-03-02 · CVE-2022-28169

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Brocade Fabric OS versions prior to v9.1.1
Brocade Fabric OS versions prior to v9.0.1e
Brocade Fabric OS versions prior to v8.2.3c

Description
The issue allows a low-privileged Webtools user to gain elevated admin rights by exploiting a vulnerability in Brocade Webtools. This can be achieved by intercepting and editing the admin and operator authorization headers, which are sent unencrypted, to create a new user with an admin role using the operator's session ID.

Recommendations
For Brocade Fabric OS versions prior to v9.1.1, update to version v9.1.1 or later.
For Brocade Fabric OS versions prior to v9.0.1e, update to version v9.0.1e or later.
For Brocade Fabric OS versions prior to v8.2.3c, update to version v8.2.3c or later.

Fix

Weakness Enumeration

Improper Authorization
Improper Privilege Management
Related Identifiers

BDU:2023-07195
CVE-2022-28169

Affected Products

Brocade Fabric OS