Summary

Security Advisory ID : BSA-2020-1173

Component : SolarWinds Orion Platform Supply Chain Attack

Revision : 2.0

Brocade Security is aware of active exploitation of SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.

More information at: ​​

• SolarWinds Security Advisory

• Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

• Emergency Directive 21-01 

• Alert (AA20-352A). Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Products Confirmed Not Vulnerable

There are no vulnerabilities in Brocade Fibre Channel Products from Broadcom related to this issue,

Note: There are no vulnerabilities in Brocade Manageability products from Broadcom related to this issue. However, if a Brocade Manageability product is installed on the same Server running these SolarWinds® Orion® Platform software products, this is out of Brocade's control.
Brocade recommends Customers to apply recommendations provided by CISA and the Vendors.

Revision History