BSA-2022-2012
21278
25 July 2022
25 July 2022
Closed
Low
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - 3.3
N/A
CVE-2021-27798
Summary
Security Advisory ID: BSA-2022-2012
Component: Brocade Fabric OS
Revision: 1.1 (Final)
Brocade has received a report from Black Lantern Security of a potential Privileged Directory Traversal vulnerability in Brocade Fabric OS v7.4.1b and v7.3.1d, stating that:
“From within the restricted shell environment (rbash) as either the “user” or “factory” account, it is possible to access and list the entirety of the filesystem utilizing the “more” binary and tab-completion.
This appears to be with root equivalent permissions regardless of who you are logged in as.”
Detail provided by the researcher:
- From within the restricted shell environment (rbash) as either the “user” or “factory” account, it is possible to access and list the entirety of the filesystem utilizing the “more” binary and tab-completion. This appears to be with root equivalent permissions regardless of who you are logged in as.
- To reproduce, in an active SSH session with the affected software, type the command “more” and press the TAB key until a listing of the current directory is given. Supplying partial paths such as “more /” or “more /etc/” followed by pressing the TAB key will display that directory's full contents.
- An attacker gains complete knowledge of the underlying filesystem structure including all available binaries within the user’s PATH environment variable.
Brocade's statement
Brocade Fabric OS v7.4.1b and v7.3.1d have reached End of Availability (EOA) and are no longer supported. Brocade recommends that customers run supported Brocade software versions.
- The Brocade Fabric OS Administration Guide documents the default user accounts for actively supported Brocade Fabric OS versions.
- The Brocade Fabric OS Administration Guide reads: “predefined accounts offered by Fabric OS that are available in the local-switch user database. The password for all default accounts should be changed during the initial installation and configuration of each switch.”
- In all actively supported Brocade Fabric OS versions, users cannot move beyond the file system permissions assigned to them; the switch admin can also restrict user access to the switch.
- In Brocade Fabric OS 9.x, released June 24th, 2020, Brocade has made architectural changes to prevent using <tab> <tab>.
- Customers are advised to refer to the Brocade Product End-of-Life report.
Credit
This issue was found by “Cody Martin” from Black Lantern Security on Brocade Fabric OS v7.4.1b and v7.3.1d.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | Jul 25, 2022 |
| 1.1 | Add EOL link. | Aug 1, 2022 |