CVE-2022-33184. Stack-based buffer overflows, allowing the execution of arbitrary code.
21231
20 September 2022
13 September 2022
Closed
Medium
Base Score: 6.1 MEDIUM -CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
N/A
CVE-2022-33184
Summary Security Advisory ID : BSA-2022-2080 Component : FOS Revision : 1.0
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
Affected Product
All Brocade Fabric OS versions.
Products Confirmed Not Vulnerable
- No other Brocade Fibre Channel Products from Broadcom products are known to be affected by this vulnerability.
Solution
Security update provided in Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, v7.4.2j
Credit
The issue was found during internal penetration testing
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Sept 13, 2022 |