BSA-2017-315
Summary
Security Advisory ID : BSA-2017-315
Component : Management Module
Revision : 1.0: Interim
Improperly checks for unusual or exceptional conditions when the Management Module is continuously scanned on port 22 may allow attackers to cause a denial of service (crash and reload) of the management module.
Affected Products
Product | Current Assessment |
---|---|
Brocade NetIron XMR/MLX and Brocade CES/CER on NetIron | Impacted: NetIron 05.8.00 and later releases, up to and including 06.1.00. Fixed in 5.8.00fb, 5.9.00C, 6.0.00c, 6.1.00a and later releases. |
Products Confirmed Not Vulnerable
No other Brocade products are currently known to be affected by this vulnerability.
Solution
Brocade has fixed the vulnerability described in this advisory in Brocade NetIron 5.8.00fb, 5.9.00C, 6.0.00c, 6.1.00a and later releases. The patch releases have been posted to the MyBrocade web portal. Brocade strongly recommends that all customers running the impacted version(s) install the patch.
Workaround
Stop any known port-scanning tools scanning SSH port 22 to the device. Restrict SSH access only to authorized users by using access-list.
To configure an ACL to permit allowed hosts, enter commands such as the following:
device(config)# access-list 12 permit host 192.168.1.1
device(config)# ssh access-group 12
device(config)# write memory
device(config)# ssh access-group 12
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | June 23, 2017 |