CVE-2022-28170. Brocade Fabric OS Web Application services store server and user passwords in the debug statements.
21229
20 September 2022
13 September 2022
Closed
Medium
Base Score: 6.5 MEDIUM - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
N/A
CVE-2022-28170
Summary
Security Advisory ID: BSA-2022-2076
Component: FOS
Revision: 1.1
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
Affected Product
All Brocade Fabric OS versions.
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.
Solution
Security updates are provided in Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, v7.4.2j, and v9.1.0b.
Credit
The issue was found during internal penetration testing.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial publication | Sept 13, 2022 |
1.1 | Added FOS v9.1.0b | Sept 20, 2022 |