Name of the Vulnerable Software and Affected Versions:
Brocade Fabric OS versions prior to 9.2.0c
Brocade Fabric OS versions 9.2.1 through 9.2.1a
Description:
A command injection vulnerability in the IPSEC component of Brocade Fabric OS could allow a local authenticated attacker to escalate privileges via crafted use of the `portcfg` command. Exploitation is only possible on IP Extension platforms, including Brocade 7810, Brocade 7840, Brocade 7850, and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack.
Recommendations:
For Brocade Fabric OS versions prior to 9.2.0c, update to version 9.2.0c or later.
For Brocade Fabric OS versions 9.2.1 through 9.2.1a, update to version 9.2.1b or later.
As a temporary workaround, consider restricting access to the `portcfg` command until a patch is available.
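The affected-version ranges and platform conditions above can be applied to a switch inventory as follows. This is an added example, not vendor code; the version-string format (`N.N.N` plus an optional patch letter and digit), the model labels, and the inventory rows are assumptions constructed for illustration.

```python
import re

# Fixed releases named in the advisory.
FIXED_920 = "9.2.0c"
FIXED_921 = "9.2.1b"
# Platforms the advisory lists as exploitable; model labels are assumed inventory values.
EXTENSION_SWITCHES = {"7810", "7840", "7850"}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$")

def parse_fos_version(text):
    """Turn 'v9.2.0c' into a sortable tuple (assumed format: N.N.N[letter][digits])."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        # Fail loudly so odd strings get manual review, not a silent "fixed".
        raise ValueError(f"unrecognised Fabric OS version: {text!r}")
    major, minor, maint, letter, sub = m.groups()
    return (int(major), int(minor), int(maint), letter, int(sub or 0))

def is_affected_version(text):
    v = parse_fos_version(text)
    if v < parse_fos_version(FIXED_920):
        return True  # "prior to 9.2.0c"
    # "9.2.1 through 9.2.1a", read conservatively as anything on 9.2.1 below 9.2.1b
    return parse_fos_version("9.2.1") <= v < parse_fos_version(FIXED_921)

def classify(version, model, has_sx6_blade=False):
    """Return 'fixed', 'affected-exploitable' or 'affected-other-platform'."""
    if not is_affected_version(version):
        return "fixed"
    model = model.upper()
    exposed = model in EXTENSION_SWITCHES or (
        model.startswith(("X6", "X7")) and has_sx6_blade)
    return "affected-exploitable" if exposed else "affected-other-platform"

# Constructed inventory rows: (hostname, version, model, SX-6 blade installed)
SAMPLE_INVENTORY = [
    ("san-a1", "v9.2.0b", "7840", False),
    ("san-a2", "v9.2.0c", "7810", False),
    ("san-b1", "v9.2.1a", "X7-8", True),
    ("san-b2", "v9.2.1", "X6-4", False),
    ("san-c1", "v9.2.1b", "7850", False),
    ("san-c2", "v9.1.1d", "7850", False),
]

def triage(rows):
    return {host: classify(ver, model, blade) for host, ver, model, blade in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Switches reported as `affected-other-platform` still run an unfixed release and should be scheduled for the same update.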