BSA-2021-1721

Brocade Fabric OS

21308

16 February 2022

16 February 2022

Closed

Medium

CVSS Score 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

N/A

CVE-2021-27796

Summary

Security Advisory ID : BSA-2021-1721

Component : shell

Revision : 1.0

A vulnerability in Brocade Fabric OS versions before v8.0.1b and v7.4.1d could allow an authenticated attacker in the restricted shell environment (rbash), logged in as either the “user” or “factory” account, to read the contents of any file on the filesystem by using one of a few available binaries.

An attacker can read the contents of any file on the system with what seems to be the equivalent of root permissions. This could lead to a complete compromise of data confidentiality.

Affected Products

Brocade Fabric OS versions before v8.0.1b and v7.4.1d.

Products Confirmed Not Vulnerable

Brocade Fabric OS v9.0.0, v7.4.2, v8.0.2, and later are not impacted.

Solution

Brocade has provided a security update in Brocade Fabric OS v9.0.0, v8.0.1b, v7.4.2, v8.0.2, and v7.4.1d. Brocade recommends upgrading to these versions or later to receive the security update.
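The following is an added example, not part of Brocade's advisory or code: a triage script that flags switches in an inventory whose Fabric OS version predates the fixed releases listed above. The `hostname version` inventory format, the host names, and the reading that 7.x and older releases are affected before v7.4.1d while 8.0.0 and newer are affected before v8.0.1b are assumptions of this example.

```python
import re

# Fixed releases named in the advisory, as (major, minor, patch, letter).
FIXED_7X = (7, 4, 1, "d")   # v7.4.1d
FIXED_8X = (8, 0, 1, "b")   # v8.0.1b

# Accepts "v8.0.1b", "8.0.1", "v8.2.3c1"; digits after the letter are ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)


def parse_fos_version(text):
    """Return (major, minor, patch, letter); letter is '' when absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4].lower())


def is_affected(version):
    """Assumed reading: 7.x and older are affected before v7.4.1d,
    8.0.0 and newer are affected before v8.0.1b."""
    v = parse_fos_version(version)
    # '' sorts before any letter, so v8.0.1 < v8.0.1a < v8.0.1b.
    fixed = FIXED_7X if v[:3] < (8, 0, 0) else FIXED_8X
    return v < fixed


def triage(inventory_text):
    """Map each 'hostname version' line to affected / not affected / unknown."""
    result = {}
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue
        host, version = fields
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory, not real devices.
SAMPLE_INVENTORY = """\
san-sw01 v7.4.1b
san-sw02 v7.4.1d
san-sw03 v8.0.1a
san-sw04 v8.0.2
san-sw05 v9.0.0
san-sw06 unknown-build
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual version check rather than being treated as safe.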

Credit

Brocade would like to thank “Cody Martin” from Black Lantern Security for reporting this issue in Brocade Fabric OS v7.4.1b and v7.3.1d.

Note:

Brocade Fabric OS v7.4.1b and v7.3.1d have reached End of Availability (EOA) and are no longer supported. Brocade also recommends that customers run supported Brocade software versions.

Revision History

Version | Change | Date
1.0 | Initial Publication | February 14, 2022