Support Content Notification - Support Portal

BSA-2020-1076

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21588

Last Updated

07 December 2020

Initial Publication Date

08 September 2020

Status

Closed

Severity

High

CVSS Base Score

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N â€“ 7.1

WorkAround

Yes

Affected CVE

CVE-2019-16211

Summary

Security Advisory ID : BSA-2020-1076

Component : Database credentials

Revision : 1.1

Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An unauthenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.

Affected Products

Brocade SANnav versions before v2.1.0.

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Solution

A security update is provided in Brocade SANnav 2.1.0.

Recommended Action

Brocade strongly recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade SANnav to obtain this update.

Credit

This issue was discovered through security testing.

Revision History

Version	Change	Date
1.0	Initial Publication	September 08, 2020
1.1	CVSS 3.1 vectors added	December 07, 2020