Command or parameter injection via unique embedded switch SNMP commands (CVE-2024-5461)

Brocade Embedded Switches

24411

30 July 2024

30 July 2024

CLOSED

HIGH

8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2024-5461

Brocade Security Advisory ID: BSA-2024-2597

Component: SNMP

Summary

The Simple Network Management Protocol (SNMP) implementation running on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as root.
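For readers maintaining similar code, the C below shows one way a daemon can hand a request-supplied value to a helper script without exposing it to command or parameter injection. It is an added example, not code from Brocade or from the affected SNMP binary; the function names, the allowed character set and the 64-byte limit are assumptions.

```c
/* Added illustration; not Brocade code. All names are hypothetical. */
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check for a value taken from an SNMP SET request.
 * Rejects shell metacharacters (command injection) and a leading '-'
 * (parameter injection: the value would be parsed as an option). */
int snmp_value_is_safe(const char *v)
{
    size_t n = v ? strlen(v) : 0;
    if (n == 0 || n > 64 || v[0] == '-')
        return 0;
    /* strspn counts the leading run made only of allowed characters. */
    return strspn(v, "abcdefghijklmnopqrstuvwxyz"
                     "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._:-") == n;
}

/* Run `script action -- value` without a shell. Returns the script's
 * exit status, or -1 if the value is rejected or the call fails.
 * The risky alternative is formatting the value into a string for
 * system() or popen(), where /bin/sh re-parses it. */
int run_helper(const char *script, const char *action, const char *value)
{
    if (!snmp_value_is_safe(value))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* argv reaches the script as-is: no shell parsing of the value.
         * "--" ends option parsing in the callee. */
        char *const argv[] = { (char *)script, (char *)action, "--",
                               (char *)value, NULL };
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve(script, argv, envp);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Validation and shell-free execution are independent layers: the script itself must still quote the value wherever it expands it.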

Products Affected

  • Brocade 6547 (FC5022) embedded switches running Brocade Fabric OS prior to v8.2.3e1_pha firmware

Note: The vulnerability requires SNMP user account access to issue the unique embedded switch SNMP commands.

Products Confirmed Not Affected

  • All Brocade switches, other than the Brocade 6547, running Brocade Fabric OS versions prior to v9.0. [VEX Justification: Inline_mitigations_already_exist]
  • All Brocade switches running Brocade Fabric OS v9.0 and later versions. [VEX Justification: Vulnerable_code_not_present]

Solution

  • A solution is provided in the Fabric OS v8.2.3e1_pha patch release, which removes the vulnerable component from the code.

Credit

  • Pierre Barre reported the issue to Brocade

Revision History

Version | Change              | Date
1.0     | Initial Publication | July 30, 2024

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.