CVE-2022-33178. A vulnerability in the RADIUS authentication system could allow arbitrary code execution.

Brocade Fabric OS

2 more products

21237

13 September 2022

13 September 2022

Closed

High

Base Score: 7.2 HIGH - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

N/A

CVE-2022-33178

Summary

Security Advisory ID : BSA-2022-2077

Component : FOS

Revision : 1.0

A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

Due to improper input validation, a privileged attacker could supply a script as the Brocade-Auth-Role parameter, and that script could then be executed.

Note: The issue was found during penetration testing against an older version of Brocade Fabric OS. The updated Linux base and architecture introduced with Brocade Fabric OS 9.0.0 prevent this attack; 9.0.0 is not vulnerable.
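The root cause named above is that a RADIUS vendor-specific attribute (a role name) reaches the switch's command layer without being validated. The following Python is an added illustration written for this page, not Brocade's code and not a description of how Fabric OS actually handles the attribute: it decodes a RADIUS Vendor-Specific Attribute (type 26, RFC 2865) into its vendor id, vendor type and value, then shows the injection-prone pattern (splicing the value into a shell command string) next to a hardened one (strict syntax check, allowlist, argv list with no shell). The vendor id 1588 and vendor type 1 are the values the common RADIUS dictionary entry for Brocade-Auth-Role uses and are treated as assumptions here; the role allowlist and the sample attributes are constructed.

```python
"""Added example (hypothetical, not Brocade's code): validating a RADIUS
vendor-specific role attribute before it reaches any command execution."""
import re
import struct

RADIUS_ATTR_VENDOR_SPECIFIC = 26   # RFC 2865 section 5.26
BROCADE_VENDOR_ID = 1588           # assumed: vendor id used for Brocade in RADIUS dictionaries
BROCADE_AUTH_ROLE_TYPE = 1         # assumed: vendor-type of Brocade-Auth-Role in that dictionary

# Constructed allowlist for the example; a real device would use its own role table.
ALLOWED_ROLES = frozenset({"admin", "operator", "user"})
# Strict syntax: letters, digits, '_' and '-', bounded length, nothing a shell interprets.
ROLE_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def encode_vsa(vendor_id: int, vendor_type: int, value: bytes) -> bytes:
    """Build one Vendor-Specific attribute: type, length, vendor id, then a
    single vendor sub-attribute (vendor-type, vendor-length, value)."""
    sub = bytes([vendor_type, 2 + len(value)]) + value
    body = struct.pack("!I", vendor_id) + sub
    return bytes([RADIUS_ATTR_VENDOR_SPECIFIC, 2 + len(body)]) + body


def decode_vsa(attr: bytes) -> tuple:
    """Decode a Vendor-Specific attribute into (vendor_id, vendor_type, value),
    rejecting anything whose length fields do not agree with the bytes present."""
    if len(attr) < 8 or attr[0] != RADIUS_ATTR_VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("malformed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    vendor_type, vendor_len = attr[6], attr[7]
    if vendor_len < 2 or vendor_len != len(attr) - 6:
        raise ValueError("malformed vendor sub-attribute length")
    return vendor_id, vendor_type, attr[8:]


def extract_role(attr: bytes) -> str:
    """Return the Brocade-Auth-Role string carried by the attribute, or raise."""
    vendor_id, vendor_type, value = decode_vsa(attr)
    if vendor_id != BROCADE_VENDOR_ID or vendor_type != BROCADE_AUTH_ROLE_TYPE:
        raise ValueError("not a Brocade-Auth-Role attribute")
    # A non-ASCII value raises UnicodeDecodeError, which is a ValueError subclass.
    return value.decode("ascii", errors="strict")


def role_command_unsafe(role: str) -> str:
    """The improper-input-validation pattern: the attribute value is spliced
    into a command string destined for a shell, so any shell metacharacters in
    the value become part of the command. Returned as a string only; never run."""
    return f"/usr/sbin/setrole {role}"   # /usr/sbin/setrole is a hypothetical helper


def role_command_safe(role: str) -> list:
    """Hardened form: syntax check, allowlist check, then an argv list that is
    handed to the OS directly (e.g. subprocess.run(argv)) with no shell involved."""
    if not ROLE_RE.match(role) or role not in ALLOWED_ROLES:
        raise ValueError(f"rejected Brocade-Auth-Role value: {role!r}")
    return ["/usr/sbin/setrole", role]


if __name__ == "__main__":
    # Constructed attributes: a legitimate role and one carrying shell metacharacters.
    good = encode_vsa(BROCADE_VENDOR_ID, BROCADE_AUTH_ROLE_TYPE, b"admin")
    bad = encode_vsa(BROCADE_VENDOR_ID, BROCADE_AUTH_ROLE_TYPE, b"user;ls")
    print(role_command_safe(extract_role(good)))
    print(role_command_unsafe(extract_role(bad)))   # metacharacters pass straight through
    try:
        role_command_safe(extract_role(bad))
    except ValueError as exc:
        print("rejected:", exc)
```

The defender's takeaway is the order of operations in `role_command_safe`: an attribute from an external authentication server is untrusted input even when the server is trusted, so it is checked against a closed set of expected values before it selects anything, and it is never interpreted by a shell.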

Affected Product

All Brocade Fabric OS versions before 9.0.0

Products Confirmed Not Vulnerable

  • Brocade Fabric OS v9.0.0 and later versions
  • No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.

Solution

Security update provided in Brocade Fabric OS v9.0.0 and later versions.

Credit

The issue was found during internal penetration testing.

Revision History

Version   Change                 Date
1.0       Initial Publication    Sept 13, 2022