Brocade SANnav Vulnerability Disclosures

Brocade SANnav


24999

27 February 2025

15 October 2024

OPEN

HIGH

Varies

Multiple

Brocade Security Advisories posted on February 27, 2025

 

CVEs addressed in SANnav v2.3.1b and v2.4.0

CVE-2024-32487
less Vulnerable to Arbitrary Code Execution via OS Command Execution via newline Character in Filename
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25432

 

CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent
(PSIRT Risk: Low for SANnav)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25430

 

=============================

Modified Brocade Security Advisories

CVE-2024-29018
By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25073

 

 

=====================================

Brocade Security Advisories posted on February 13, 2025

 

CVEs addressed in SANnav v2.3.1b and v2.4.0

ROCKY LINUX Upgrade for RLSA-2024:5530, RLSA-2024:5101, RLSA-2024:4583, RLSA-2024:3501, RLSA-2024:3513, RLSA-2024:3619, RLSA-2024:4349, RLSA-2024:4078, RLSA-2024:2758, RLSA-2024:2758
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25398

 

CVE-2025-1053
Encryption key is logged in the debug logs
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25399

 

CVE-2024-4282
Weak TLS Ciphers on Brocade OVA SSH port 22
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25400

 

CVE-2024-2240
Docker implementation in Brocade SANnav is missing audit rules
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25401

 

CVE-2024-10405
Weak TLS Ciphers on port 443 and 18082
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25402

 

CVE-2024-10404
Clear text password seen in switch-asset-collectors-mw for supportsave
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25403

 

CVE-2024-4317
PostgreSQL Vulnerable to Privilege Escalation via Improper Checks in 'pg_stats_ext' and 'pg_stats_ext_exprs' Functions
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25404

 

CVE-2024-2398, CVE-2024-2466, CVE-2024-2004, CVE-2024-0853
Multiple CURL vulnerabilities in Brocade SANnav OVA deployments before SANnav 2.3.1b
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25405

 

CVE-2024-0985
PostgreSQL Vulnerable to Privileged Execution of Arbitrary SQL due to Late Privilege Drop in 'REFRESH MATERIALIZED VIEW CONCURRENTLY'
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25406

 

CVE-2023-5870
PostgreSQL Vulnerable to Denial-of-Service (DoS) in 'pg_signal_backend()'
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25407

 

CVE-2022-38178
ISC BIND 9 Vulnerable to Denial-of-Service (DoS) via Memory Leaks in EdDSA DNSSEC Verification
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25408


AZUL Zulu Java -- July 2024 Update
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25409


Oracle Critical Patch Update Advisory -- July 2024
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25410

 

CVE-2024-25710, CVE-2024-26308
Apache Commons Vulnerabilities
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25411

 

CVE-2024-1597
PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25412

 

CVE-2023-34455
snappy-java Vulnerable to Denial-of-Service (DoS) due to Improper Input Validation in File 'SnappyInputStream.java'
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25413

 

CVE-2022-48174
Stack overflow vulnerability in ash.c:6030 in busybox before 1.35 can be executed from command to arbitrary code execution.
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25414

 

CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25415

 

 

 

CVEs addressed in SANnav v2.3.1b

Rocky Linux OVA updates: kernel (RLSA-2024:8856) expat (RLSA-2024:9502, RLSA-2024-6989) bzip2 (RLSA-2024:8922) krb5 (RLSA-2024:8860) and python3 (RLSA-2024:6975)
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25416

 

==================================================

Modified Brocade Security Advisories on February 13, 2025

CVE-2022-48624
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE
(PSIRT Risk for SANnav: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24994

 

CVE-2024-6387
Remote Unauthorized Code Execution Vulnerability in openSSH server (regreSSHion)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24691

 

CVE-2022-2068
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22396

 

 

==================================================

Previously disclosed Brocade Security Advisories

 

CVEs addressed in SANnav v2.3.1a and v2.3.0a

CVE-2024-2860
The Postgres implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24260

CVE-2023-51385
OpenSSH is vulnerable to an OS command injection issue due to how user name and host name values are processed and referenced by expansion tokens.
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25238

CVE-2023-42795
Apache Tomcat - Information disclosure
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25158

CVE-2023-5869
Buffer overrun from integer overflow in array modification
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25092

CVE-2023-5868
PostgreSQL Memory disclosure in aggregate function calls
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25093

CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918
Oracle Critical Patch Update Advisory - January 2024
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25160

CVE-2023-22025, CVE-2023-22067, CVE-2023-22081
Azul Zulu Java Multiple Vulnerabilities (2023-10-17)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25159

 

 

CVEs addressed in SANnav v2.3.1a

CVE-2024-23653, CVE-2024-21626
Container vulnerabilities in Brocade SANnav docker containers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25074

 

 

CVEs addressed in SANnav v2.3.1 and v2.3.0a

CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24987

CVE-2024-29969
TLS/SSL weak message authentication code ciphers are added by default for port 18082
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23251

CVE-2024-29968
SQL Table names, column names, and SQL queries are collected in DR standby Supportsave
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23253

CVE-2024-29966
Hard-coded credential in the documentation that appears as the root password
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23255

CVE-2024-29961
Ping at regular intervals
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246

CVE-2024-29959
Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node support save
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23243

CVE-2024-29958
Encryption key in the console
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23242

CVE-2024-29957
The encryption key is stored in the DR log files
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23241

CVE-2023-39417
Extension script @substitutions@ within quoting allow SQL injection
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23259

CVE-2024-29965
A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23250

CVE-2024-29964
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249

CVE-2024-29962
Insecure file permission setting that makes files world-readable
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23248

CVE-2024-29960
Identical SSH keys utilized inside the OVA image
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23244

CVE-2024-29956
cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23240

CVE-2024-29955
SANnav encrypted key in PostgreSQL startup logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23239

CVE-2024-29952
plaintext passwords storage in logs by manipulating command variables
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23238

CVE-2024-29951
SHA-1 hash in internal SSH ports that are not open to remote connection
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23237

CVE-2024-29950
The class FileTransfer implemented uses the ssh-rsa signature scheme
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23236

CVE-2024-4159
SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23282

CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23256

CVE-2023-39410
Apache Avro Java SDK vulnerable to Improper Input Validation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23262        

CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22043, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049
Azul Zulu Java Multiple Vulnerabilities (July 2023 update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23263

CVE-2023-22041, CVE-2023-25193, CVE-2023-22045, CVE-2023-22049, CVE-2023-22036, CVE-2023-22006
Oracle Java SE Multiple Vulnerabilities (July 2023 CPU)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23260

CVE-2023-20863
Spring Expression DoS Vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23257

CVE-2023-20861
Spring Expression DoS Vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23261

CVE-2024-29967
Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23254

CVE-2024-29963
Hardcoded TLS keys used by Docker
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23247

 

 

CVEs addressed in SANnav v2.3.1 and v2.3.0

CVE-2024-4161
Syslog traffic sent in clear-text
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23284

CVE-2023-31424
Web authentication and authorization bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22507

CVE-2024-2859
By default, SANnav OVA is shipped with root user login enabled
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23245

CVE-2023-31925
Storage of clear text password in Brocade SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22506

CVE-2023-31423
Possible information exposure through log file vulnerability
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22508

CVE-2023-21830, CVE-2023-21835, CVE-2023-21843
Oracle Java SE Multiple Vulnerabilities (Jan 2023 CPU update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22454

CVE-2022-43937
Sensitive fields are recorded in the debug-enabled logs
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22509

CVE-2022-41946
Vulnerable postgresql component found in SANnav RPM package
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22502

CVE-2022-40664
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22449

CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22450

CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
Azul Zulu Java Multiple Vulnerabilities (Oct 2022 update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22461

CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169
Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22463

CVE-2022-2625
PostgreSQL vulnerability in SANnav 2.2.0.2
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22465

CVE-2016-1000027
Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22456

CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22448

CVE-2022-22950
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22503

CVE-2022-21449, CVE-2022-21476, CVE-2022-21426
Oracle Java SE Multiple Vulnerabilities (Apr 2022 CPU update)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22462

CVE-2022-21248 CVE-2022-21277 CVE-2022-21366 CVE-2022-21282 CVE-2022-21296 CVE-2022-21283 CVE-2022-21291 CVE-2022-21305 CVE-2022-21293 CVE-2022-21294 CVE-2022-21340 CVE-2022-21299 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365
Azul Zulu Java Multiple Vulnerabilities (Jan 2022 Java update)
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22464

CVE-2018-17190
An improper access control vulnerability has been discovered in Apache Spark
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22460

CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22459

CVE-2017-7657
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22458

CVE-2015-1315
Buffer overflow in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22457

 

 

 

Revision History

Version | Change | Date
1.0 | Initial Publication | October 14, 2024
1.1 | Additional BSAs for security vulnerabilities posted on November 2nd, 2024 for SANnav 2.3.1a and 2.3.0a | November 12, 2024
1.2 | Updated with CVE-2023-51385 posting | January 7, 2025
2.0 | Brocade SANnav 2.3.1b and 2.4.0 security postings | February 13, 2025
2.1 | Updated with CVE-2024-32487, CVE-2024-38428, CVE-2024-29018 postings | February 27, 2025

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.