Support Content Notification - Support Portal

CVE-2022-43933 : Configuration secrets are logged in support-save

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21221

Last Updated

08 November 2022

Initial Publication Date

08 November 2022

Status

Closed

Severity

Medium

CVSS Base Score

4.4 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

WorkAround

Affected CVE

CVE-2022-43933

Summary

Security Advisory ID : BSA-2022-2123

Component : Configsecrets

Revision : 1.0

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in support-save. Support-save file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.

Products Affected

Brocade SANnav versions before v2.2.2

Products Confirmed Not Affected

No other Brocade Fibre Channel products are affected.

Credit.

This issue was found internally.

Revision History

Version	Change	Date
1.0	Initial Publication	Nov 8, 2022