Summary

Security Advisory ID : BSA-2021-1481

Component : IPv6 networking

Revision : 1.0

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface.
When IPv6 networking is enabled on the SANnav, either during installation or via the change-ipv4-installation-to-ipv6.shscript, numerous container ports are exposed to the network.

Note.

This issue is related to the underlying OS and not within the SANnav product.   The OVA version of SANnav has addressed this vulnerability within the SANnav product package.   Customer is advised to check their kernel configuration for any non-OVA SANnav deployments.

Affected Products

Brocade SANnav versions before SANnav 2.1.1

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Solution

A security update has been provided in the OVA version of Brocade SANnav 2.1.1 and higher releases. 

Workaround

Credit

This issue was discovered through security testing.

Revision History