CVE-2022-43936: Switch passwords in logs

Brocade SANnav

0 more products

21218

08 November 2022

08 November 2022

Closed

Medium

6.8 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

No

CVE-2022-43936

Summary

Security Advisory ID : BSA-2022-2126

Component : Logs

Revision : 1.0

Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords.

Products Affected

Brocade SANnav versions before v2.2.2

Products Confirmed Not Affected

  • No other Brocade Fibre Channel products are affected.

Credit.

This issue was found internally.

Revision History

Version

Change

Date

1.0

Initial Publication

Nov 8, 2022