Brocade Communications Systems (Brocade) is committed to resolving vulnerabilities to meet the needs of its customers and the broader technology community.  Brocade Product Security Incident Response Team (Brocade PSIRT) is a global team that manages the receipt, investigation and internal coordination of security vulnerability information related to Brocade Fibre Channel technology products from Broadcom. Brocade PSIRT follows a defined secure development lifecycle and indicent response.

To report a vulnerability in a non-Brocade Broadcom product or website, visit the Broadcom Product Security Center.

Brocade customers should use our support site, or the site belonging to their support provider, to report a vulnerability.  Brocade customers may also receive product alerts and advisories by subscribing to Proactive Notifications.

Brocade welcomes reports from Reporters, Security researchers, Individuals, Coordinators, Industry groups, Government organizations, Vendors and other sources about potential vulnerabilities in Brocade Fibre Channel technology products from Broadcom. Contact Brocade PSIRT by Email at [email protected].

Brocade encourages the encryption of sensitive information that is sent in email messages. The Brocade PSIRT supports encrypted messages via PGP/GNU Privacy Guard (GPG). The Brocade PSIRT public PGP Key is available on multiple public key servers and at the bottom of this document.  Please include the following information in the report:

Researcher Contact information

• Public PGP key
• Do you want to be credited?
• Do you plan to publicly disclose this vulnerability yourself? (Please include your disclosure policy)

Vulnerability Description

• What Software, Systems are affected
  • Product name(s)
  • Product version(s)
  • Configuration, platform or operating system
• Description of the vulnerability (Technical detail, proof of concept and steps to reproduce)
  • What is the vulnerability? Provide sufficient technical detail
  • How does an attacker exploit this vulnerability?
  • Steps to reproduce
  • What does an attacker gain by exploiting this vulnerability? (i.e., what is the impact?):
  • How was the vulnerability discovered? (Tools and techniques used)\
  • Is this vulnerability publicly known?
  • Is there evidence that this vulnerability is being actively exploited?

Working with Reporters

Brocade PSIRT will acknowledge receipt of the vulnerability report. If we verify the vulnerability report, we may issue a formal security notice at a future date. Vulnerability reporters, who follow common coordinated disclosure procedures and work with us, may receive acknowledgement in the security notice. We are a Mitre CNA and will assign CVE identifiers for new and confirmed vulnerabilities in actively supported products. Broadcom does not currently offer bounties for vulnerability reports.

Brocade Security Advisories

Brocade PGP Key

The following PGP key is available for the encryption of sensitive communications

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGJdsDABEACuTOnOTgpg2kxy15ak1UBfc5rmYOwPcTlDqbBVBPy5Ecu4n3Rl
3tdpUYwJE+PkVogQDq//ucHLLrjS6gxOsrupRjiQOEj49/7QAqK9aJlqhLJ4ZHuc
9ctjTmG4mS9z2jIMBgwZXxK3kZEr4lrZcL9p6+Ye+oO9TlnsPut5NPl27iuKUMbu
4FtScU5wDLpoambsLL4CSKLlRjee12v3heN6fN4xl9FrH7GPqWNADpeKVrDIKKwy
GB5aaf8v1aG4fXCvwqwkKuSQlZYIv/vROfoi+v0VyeRXl4BzDoyFckgJ/ypalRs1
jdXLaqRmxHxU6xfhiYuouHHcXfNFrvpbY9sBKI9fagWsgR8uIvZdLhX/LcR1CRqM
zMeC9+Xgj48/bkRm2VXeTHtG+EmrK8JNSu9fWlA5x/3XwLK4pGfgqx427u3uDJ8+
8eABxebvbD4KcOkNGf+nz80WSlapaTtkyXwkGZLoN8/oZT3s6Sg737/oVeaLOJSL
08X973MOXb8H63D83W6JJXHfZ1bLHMT32M71HuIr9v6embAafSZThm9wHZJPTSOh
pbxl2H+jpdmN4/6TtXZG2s8SeNCvvbzuqn4rUZxF6bVqH6a5BofODDJ3XLP1AEZS
ClyBvTzE24pMYDKFX0/FGO9OjeU/F3xgJSokWjyYiDtiv1DcFcqQ9iikgwARAQAB
tChCcm9jYWRlIFNJUlQgPGJyb2NhZGUuc2lydEBicm9hZGNvbS5jb20+iQJYBBMB
CABCAhsDBQsJCAcCAyICAQYVCgkICwIEFgIDAQIeBwIXgBYhBKEcUaOPWD2itry0
E7UIgDfvAsMeBQJmHMGpBQkJY+/kAAoJELUIgDfvAsMexFAP/1l9Rep/U3vYWy3w
fnMP49PbUEdBvd/yzF5G/qtY+5NWnWAs97eb0rAHsdbCPZfv//2NJ8HAL3Ua1IHq
lMsWUpTsgrFW3hZRiJgKLCnnG9yeM8D2gQzzn7eKlN+PDMd+kE2nZIv6jylzNuzQ
sgNcOShYrvWIRAqgBj45sTNpULzBNeLjYp7vkKkO+F7mIB/IJPTu/giJDxdMLeTC
xzh4c6lcD7p+qCW6jO2NLxzsVih/uQAhO9brGd1WCDMByrT03Q6mpKYH1bAyAgNK
AJLmmtsvYKQs7bKw5xepoQI8utOaRZqdi8Y+z9/Ett97RJPXDIl3qBnmEcmWEeaU
iYjmVQbAdCIO8nXxuVvEHRW7q4x+HGZhlzrbmpfmIzsVBXZ+rLWK368YRLcZ1SgQ
2zDuJ8/vMr7uedrub6gxlMwV1uv57pkYqmuavAS+uDkG8ZuvUL+m8+wV2iQA1NnC
h0wlThSwcSi0rvoOqgUvAt/oVupIgYuF0Y+UMLGSZNmY3rv0GubAhOEqjAQc+U/A
3YivfF7WkQgCh2EeYd2s5jHRT2sD9WGJcCiW8lqg1yuXblmcMrtmaVBpga4Ya5Xe
ofBzJgdnYkgloTiFPLuyzd7XDXyUfykFJX9oeya2vQJMvXcxVbGXnQYZnQlJArZ9
EkLN9fnk4VZXUPLMXiHlArvQDPMbuQINBGJdsDABEACiI0gc3B5qwujxn+q1L9wb
bYE9XgfIm2z669qiAKN1OPHqS9AonBLFbTsR8w5ywB6kVusl6mC2HlSpsvUNPWLn
C/ipkAM5ftOdPDg+muPHJzpluB6dNqJCvFjafS7dg1XyoZnTLSnWpzNKfPohxFmd
wVFQe3LnWItPTMvzVk67kz8R8lBRtWCd5xvlSMhaFrwje132d2PqbTOl8ForA7cb
YBBNQkg24EQE5FTYnBqDa4tjv5maiVBi7Dj67XzNxEZHkaubnjhi2LX7BaKBoVGq
qMg/DInxYSFalH/8tJt2OGvZKCbAk9qCom18GEC70uzdqXi/wOF+XhjiK0gnG/+V
9cABt48ylykwvq/BPUoxkD1/4g2DYdNr9VhTbB1s1KOwVUgSeeIAGpblRd9XaOZp
LDvkRkRa70g6wQuIzPBbLvwqB+EFi6WwXmLv0EMVcKr6HEwFA9FoDL5+16VwusJg
u/hL5u/xkafxjeoyicdc19tWDnjerlMPJ/hAK7zgMORZBVE/N/gJAF+OppwcWAFm
F1Ibccuovncw2d2GYHQ71c4Uy3Wpnt9nQcgxpD7wP9wZXUt7TyfKA9Y9zUMZY/AJ
kGI4YKflQkt2LZbYdTkwmdKqVcURU3bP+gg2qBC56J81nTLzjVMhRlfGMuypt1xx
UodZ5ZlCB+6VIBfO6RajIQARAQABiQI8BBgBCAAmAhsMFiEEoRxRo49YPaK2vLQT
tQiAN+8Cwx4FAmYcwaoFCQlj7+UACgkQtQiAN+8Cwx7OLQ/8DugxeadgGAtoI/Qo
AaxN+anlQDQNCY+bK9qd1xSZyYLwRzAah9UcaLMY2wcP4rWIAtKBy1OeCPsjMfNa
lUCn4n1TDHX095y7Hw5SiuZrTd5pcSgX0p5PRKWx1+ykahUZS6mzXMehbWT52hTe
Kc31wOBh/G+mGoYScnRoLtJ4yvllbWUL706nsT4+CJkhsIrQKpMtM7ZnOyivSCPL
ZxNRz0B4zPjR8ZPJnULynfOllT0LgGCoqNPeCpSUVw+emNNY2CzUCGMSjrAUbeul
08fX7ixItwnoLzjkOhS/72ov8kdH5o5ZDjws47G/vRpuEwUwkL4TTPvXLaXVekrG
gHKXPt51atEj2vwdNrayDb5ZUnsX7Jaa6GgN1nk4dtZ7wdzx0auGtxRmJe3Fgt3r
QHAWjkPhurFzNuTX7CHs8d3kpTbn437gORwEdvbABV3W7tSSUa57EN1IP5GNti/U
akpci7uX/Py4i7a4Jj7h85iceivhG78iyzFAvzYAmLjcFmEw1tbAsu6DH/VT3DXq
FHoeBEqSJ/qXC+dRNKweO9+iPw2tUyjwT9hHU5C9zP+AEelIUAd++vwNRvKjYcpq
WyIGO9oBuIKw5ByftvngleZxKntQsm5CpJb0JK6ckpcY/WciZhAybP3enAh5L3FO
FABRIUpmJaO8Oj55w4Laezh/B6g==D1kt
-----END PGP PUBLIC KEY BLOCK-----