BSA-2020-1075

Brocade Fabric OS

21572

18 March 2022

08 September 2020

Closed

Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L - 5.3

Yes

CVE-2018-6448

Summary

Security Advisory ID : BSA-2020-1075

Component : Management Interface

Revision : 2.0

A vulnerability in the management interface of Brocade Fabric OS versions before v9.0.0 or before v8.2.1 could allow a remote attacker to perform a denial-of-service attack on the vulnerable host.

Note: The vulnerability affects only access to the management interface. There is no impact on Fibre Channel traffic.

Affected Products

Brocade Fabric OS versions before v9.0.0 or v8.2.1

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.

Solution

A security update has been provided in Brocade Fabric OS v9.0.0, and in Brocade Fabric OS v8.2.1 and higher releases.

All later versions of Brocade Fabric OS, including all FOS 9.X releases and all releases above 8.2.1, will also contain this same security update.

Workaround

Exposure to this vulnerability can be minimized by the following means:

  • Use a firewall and ipfilter to limit access to the management interface to trusted hosts only.

Credit

This issue was discovered through security testing.

Revision History

Version Change Date
1.0 Initial Publication September 08, 2020
1.1 CVSS Score update November 20, 2020
2.0 Added statement for FOS v8.2x March 18, 2021