CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string function to process user input
21230
20 September 2022
13 September 2022
Closed
High
Base Score: 7.5 HIGH - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
CVE-2022-33185
Summary
Security Advisory ID: BSA-2022-2078
Component: FOS
Revision: 1.1
Several commands in Brocade Fabric OS before v9.0.1e and v9.1.0 use unsafe string functions to process user input. An authenticated local attacker could abuse these vulnerabilities to trigger stack-based buffer overflows, allowing arbitrary code execution as the root user account.
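The bug class described in this summary, as an added illustration that is not part of the advisory and not Brocade code: a command argument copied into a fixed-size stack buffer with an unchecked string function, beside a bounded, length-checked replacement that rejects over-long input. The buffer size, function names and sample arguments are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CMD_ARG_MAX 32   /* hypothetical size of a command's argument buffer */

/* Unsafe pattern of the kind the advisory describes: the argument is copied
 * into a fixed-size stack buffer with no length check, so any argument of
 * CMD_ARG_MAX bytes or more writes past the end of buf.  Shown for contrast
 * only; nothing in this file calls it. */
void parse_arg_unsafe(const char *arg) {
    char buf[CMD_ARG_MAX];
    strcpy(buf, arg);            /* no bound: classic stack-based overflow */
    (void)buf;
}

/* Hardened form: look for the terminator within the destination size before
 * copying, reject anything that does not fit, and always NUL-terminate.
 * Returns true if the argument was accepted and copied into out. */
bool parse_arg_checked(const char *arg, char *out, size_t out_len) {
    if (arg == NULL || out == NULL || out_len == 0) return false;
    /* memchr never scans past out_len bytes, so it is safe even if arg is
     * not terminated within that range. */
    const char *nul = memchr(arg, '\0', out_len);
    if (nul == NULL) {           /* no terminator within out_len: too long */
        out[0] = '\0';
        return false;
    }
    memcpy(out, arg, (size_t)(nul - arg) + 1);
    return true;
}

/* Boundary check helper: builds a constructed argument of `len` 'A' bytes
 * and reports whether parse_arg_checked accepts it. */
bool accepts_arg_of_length(size_t len) {
    char arg[CMD_ARG_MAX + 16];
    if (len >= sizeof arg) return false;
    memset(arg, 'A', len);
    arg[len] = '\0';
    char out[CMD_ARG_MAX];
    return parse_arg_checked(arg, out, sizeof out);
}

int main(void) {
    const char *samples[] = { "sample-arg", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    char out[CMD_ARG_MAX];
    for (size_t i = 0; i < 2; i++)
        printf("%-42s -> %s\n", samples[i],
               parse_arg_checked(samples[i], out, sizeof out) ? "accepted" : "rejected (too long)");
    return 0;
}
```

The longest accepted argument is CMD_ARG_MAX - 1 bytes, leaving room for the terminator; anything longer is refused instead of overflowing the stack.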
Affected Product
All Brocade Fabric OS versions.
Products Confirmed Not Vulnerable
- No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.
Solution
Security update provided in Brocade Fabric OS v9.1.1, v9.0.1e, and v9.1.0b.
Credit
The issue was found during internal penetration testing.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | Sept 13, 2022 |
| 1.1 | Added FOS v9.1.0b, updated 9.0.1e | Sept 20, 2022 |