CVE-2022-43933 : Configuration secrets are logged in support-save
21221
08 November 2022
08 November 2022
Closed
Medium
4.4 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
No
CVE-2022-43933
Summary Security Advisory ID : BSA-2022-2123 Component : Configsecrets Revision : 1.0
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.
Products Affected
Brocade SANnav versions before v2.2.2
Products Confirmed Not Affected
- No other Brocade Fibre Channel products are affected.
Credit.
This issue was found internally.
Revision History
Version | Change | Date |
|---|---|---|
1.0 | Initial Publication | Nov 8, 2022 |