BSA-2020-1078
21347
20 September 2020
08 September 2020
Closed
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N - 8.7
No
CVE-2020-15369
Summary
Security Advisory ID: BSA-2020-1078
Component: Supportlink CLI
Revision: 2.0
Supportlink CLI in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c, does not obfuscate the password field, which could expose users’ credentials for the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
Note: Only Brocade Fabric OS version 8.2.1 and higher are affected. Brocade Fabric OS v9.0.0 and later releases are not affected.
Affected Products
Brocade Fabric OS versions after version 8.2.1 and before v9.0.0
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel products from Broadcom are currently known to be affected by this vulnerability.
Solution
A security update is provided in Brocade Fabric OS versions v8.2.2c and v8.2.1e.
All later versions of Brocade Fabric OS, including all FOS 9.X releases, will also contain this same security update.
Recommended Action
Brocade strongly recommends that all customers running the impacted version(s) upgrade to one of the identified patch levels or a higher version of Brocade Fabric OS to obtain this update.
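A triage check for a switch inventory against the version ranges stated in this advisory, as an added example that is not Broadcom's code. The version-string shape (optional "v", an optional patch letter, optional trailing patch digits), the switch names and the sample inventory are assumptions.

```python
import re

# Fixed patch letter per release train, taken from the advisory text:
# v8.2.1 through v8.2.1d are affected (fixed in v8.2.1e);
# 8.2.2 before v8.2.2c is affected (fixed in v8.2.2c).
FIXED = {(8, 2, 1): "e", (8, 2, 2): "c"}

# Assumed version-string shape, e.g. "v8.2.1d", "8.2.2c", "v8.2.2c1".
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$", re.IGNORECASE)


def parse_fos_version(text):
    """Return ((major, minor, maint), patch_letter); raise ValueError if unparsable."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {text!r}")
    train = tuple(int(m.group(i)) for i in (1, 2, 3))
    return train, m.group(4).lower()


def is_affected(text):
    """True if the version falls in a range the advisory lists as affected."""
    train, letter = parse_fos_version(text)
    fixed_letter = FIXED.get(train)
    if fixed_letter is None:
        return False  # other trains are outside the ranges the advisory names
    # A base release has no letter; "" sorts before every letter.
    return letter < fixed_letter


def triage(inventory):
    """Map each switch to 'affected', 'not affected' or 'unparsed' (review by hand)."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[name] = "unparsed"
    return result


# Constructed sample inventory (hypothetical switch names).
SAMPLE = {"sw-a": "v8.2.1d", "sw-b": "v8.2.2c", "sw-c": "v9.0.0", "sw-d": "n/a"}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {SAMPLE[name]} -> {status}")
```

Entries reported as "unparsed" should be checked manually rather than treated as safe.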
Credit:
This issue was discovered through security testing.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | September 08, 2020 |
2.0 | CVSS Score Update | November 20, 2020 |