CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string functions to process user input

Product: Brocade Fabric OS

21230

Last updated: 20 September 2022

Published: 13 September 2022

Status: Closed

Severity: High

Base Score: 7.8 HIGH - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

N/A

CVE ID: CVE-2022-33185

Summary

Security Advisory ID: BSA-2022-2078

Component: FOS

Revision: 1.1

Several commands in Brocade Fabric OS before v9.0.1e (9.0.x train) and v9.1.0b (9.1.x train) use unsafe, unbounded string functions to process user-supplied command arguments without checking their length. An authenticated local attacker with access to the FOS command line could pass over-long input to these commands to trigger stack-based buffer overflows and achieve arbitrary code execution as the root user.
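The bug class described above, as an added illustration: this is not Brocade Fabric OS code and does not reproduce any FOS command; the buffer size, function names and the "frame model" struct are assumptions made for the example. It shows a fixed-size stack buffer filled from an unchecked user-supplied argument, with the frame modelled as a struct so the clobbered return address can be observed without crashing, beside the bounded-copy and bounded-format patterns that close the hole.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative example only: not Brocade Fabric OS code and not any FOS
 * command. ARG_MAX_LEN and all names below are assumptions for the demo. */
#define ARG_MAX_LEN 32   /* fixed-size local buffer in the example command handler */

/* Model of a stack frame as compilers typically lay it out on x86-64/ARM64:
 * the local buffer sits at a lower address than the saved return address, so
 * writing past the end of buf lands on saved_ret. A struct stands in for the
 * real frame so the demonstration is well-defined and cannot crash. */
struct frame_model {
    char      buf[ARG_MAX_LEN];
    uintptr_t saved_ret;   /* a real overflow replaces this with attacker-chosen bytes */
};

/* Unsafe pattern: the argument is copied with no length check, the effect of
 * strcpy(f.buf, arg). It runs against the model frame, not the real stack; the
 * single cap below only keeps the demo inside the model object, real code has
 * no such cap and keeps writing up the stack. Returns what is left in saved_ret. */
uintptr_t unsafe_cmd_model(const char *arg) {
    struct frame_model f;
    f.saved_ret = 0x1000;              /* stand-in for the legitimate return address */
    size_t n = strlen(arg) + 1;        /* includes the NUL terminator, as strcpy does */
    if (n > sizeof f) n = sizeof f;    /* demo-only bound, see comment above */
    memcpy((unsigned char *)&f, arg, n);
    return f.saved_ret;
}

/* Constructed input: 32 bytes of 'A' fill buf exactly, the following
 * sizeof(uintptr_t) bytes of 'B' land on saved_ret. */
uintptr_t demo_model_overflow(void) {
    char arg[ARG_MAX_LEN + sizeof(uintptr_t) + 1];
    memset(arg, 'A', ARG_MAX_LEN);
    memset(arg + ARG_MAX_LEN, 'B', sizeof(uintptr_t));
    arg[sizeof arg - 1] = '\0';
    return unsafe_cmd_model(arg);
}

/* Hardened copy: measure with an upper bound and refuse input that does not
 * fit (terminator included) rather than truncating silently or overflowing.
 * Returns 0 on success, -1 when the argument is rejected. */
int safe_cmd(const char *arg, char *out, size_t outsz) {
    size_t len = strnlen(arg, outsz);  /* never reads more than outsz bytes of arg */
    if (len >= outsz) return -1;       /* len == outsz leaves no room for the NUL */
    memcpy(out, arg, len + 1);
    return 0;
}

/* Hardened formatting: snprintf bounds the write, but truncation is only
 * detected by checking its return value. Returns the characters written, or
 * -1 if the message did not fit or formatting failed. */
int safe_format_status(const char *name, int port, char *out, size_t outsz) {
    int n = snprintf(out, outsz, "port %d: %s", port, name);
    if (n < 0 || (size_t)n >= outsz) return -1;
    return n;
}

int main(void) {
    char out[ARG_MAX_LEN];
    printf("benign argument:  saved_ret = 0x%lx\n", (unsigned long)unsafe_cmd_model("admin"));
    printf("40-byte argument: saved_ret = 0x%lx\n", (unsigned long)demo_model_overflow());
    printf("safe_cmd(short)  = %d\n", safe_cmd("admin", out, sizeof out));
    printf("safe_cmd(32 x A) = %d\n", safe_cmd("AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA", out, sizeof out));
    printf("safe_format      = %d\n", safe_format_status("admin", 3, out, sizeof out));
    return 0;
}
```

The fix that matters is the explicit rejection path: bounded functions such as strncpy or snprintf alone only turn an overflow into silent truncation (or a missing terminator), and a command that keeps running on truncated input is still a bug. Checking the length up front, and checking the snprintf return value, is what makes the handler fail closed. In a real FOS-style CLI the same check belongs wherever an argument, environment value or file name is copied into a fixed-size buffer before the command acts on it.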

Affected Product

All Brocade Fabric OS versions before v9.0.1e (9.0.x train) and before v9.1.0b (9.1.x train).

Products Confirmed Not Vulnerable

  • No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.

Solution

Security updates are provided in Brocade Fabric OS v9.1.1, v9.0.1e, and v9.1.0b. Upgrade to the fixed release for the train in use (v9.0.1e for 9.0.x; v9.1.0b or later for 9.1.x); the running release can be confirmed from the FOS CLI with the version command.

Credit

The issue was found during internal penetration testing

Revision History

Version  Change                              Date

1.0      Initial Publication                 Sept 13, 2022

1.1      Added FOS v9.1.0b, updated 9.0.1e   Sept 20, 2022