CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string functions to process user input
20 September 2022
13 September 2022
Base Score: 7.5 HIGH - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Security Advisory ID : BSA-2022-2078
Component : FOS
Revision : 1.1
Several commands in Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to trigger stack-based buffer overflows, allowing arbitrary code execution as the root user account.
All Brocade Fabric OS versions.
Products Confirmed Not Vulnerable
- No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.
Security update provided in Brocade Fabric OS v9.1.1, v9.0.1e, and v9.1.0b.
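An added example (not part of Broadcom's advisory) that triages a switch inventory against the fixed releases listed above. It assumes releases on a major.minor train sort by patch number and then letter suffix, and that later releases on a train carry the fix; the switch names and the status labels are constructed for illustration.

```python
import re

# Lowest fixed release per (major, minor) train, taken from the advisory.
# v9.1.1 is also listed; it sorts after v9.1.0b, so the 9.1 minimum covers it.
FIXED_MIN = {
    (9, 0): (9, 0, 1, "e", 0),
    (9, 1): (9, 1, 0, "b", 0),
}

# Accepts forms such as "v9.0.1e", "9.1.0" or "v9.0.1e1" (assumed format).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$", re.IGNORECASE)


def parse_fos_version(text):
    """Return (major, minor, patch, letter, respin), or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, letter, respin = m.groups()
    return (int(major), int(minor), int(patch), letter.lower(), int(respin or 0))


def triage(version_text):
    """Classify one firmware version string against the advisory's fix list."""
    v = parse_fos_version(version_text)
    if v is None:
        return "unparseable"
    train = v[:2]
    if train in FIXED_MIN:
        return "fixed" if v >= FIXED_MIN[train] else "vulnerable"
    if train < min(FIXED_MIN):
        # The advisory lists all versions as affected and no fix for older trains.
        return "vulnerable-no-fix-listed"
    return "not-covered"  # newer train than the advisory lists; confirm with vendor


def triage_inventory(inventory):
    """Map each switch name to its triage status."""
    return {switch: triage(ver) for switch, ver in inventory.items()}


# Constructed sample inventory (hypothetical switch names).
SAMPLE = {"san-a1": "v9.0.1d", "san-a2": "v9.0.1e", "san-b1": "v9.1.0",
          "san-b2": "v9.1.1", "san-c1": "v8.2.3c", "san-d1": "unknown"}

if __name__ == "__main__":
    for switch, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{switch}: {SAMPLE[switch]} -> {status}")
```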
The issue was found during internal penetration testing.
Sept 13, 2022
Sept 20, 2022: Added FOS v9.1.0b, updated 9.0.1e