Brocade Fabric OS (9.x Release) Vulnerability Disclosures

Brocade Directors

4 more products

25000

12 November 2024

27 September 2024

OPEN

HIGH

Varies

Multiple

Brocade Security Advisories posted/updated on November 12, 2024

 

CVEs addressed in FOS 9.2.0c1, 9.2.1a1, and 9.2.2

CVE-2024-10403
SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25145

 

CVEs addressed in FOS 9.2.0c, 9.2.1a1, and 9.2.2

CVE-2024-7517
Privileged escalation via crafted use of portcfg command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25071

CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24987

 

CVE-2023-7104
SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in 'sessionReadRecord' Function of 'Sessions' Extension
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24996

 

CVE-2022-48624
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24994

 

CVE-2022-1304
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24995

 

CVE-2024-4603
Checking excessively long DSA keys or parameters may be very slow
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24990

 

CVE-2023-6237
OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24991

 

CVE-2023-6129
The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24992

 

CVE-2024-1086
A use-after-free vulnerability exists in the Linux kernel's netfilter: nf_tables component
(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/24989




CVEs addressed in FOS 9.2.2

CVE-2024-7516
Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/25177

 

==================================================

Previously disclosed Brocade Security Advisories

 

CVEs addressed in FOS versions 9.1.1d2, 9.2.0b1, and 9.2.1

CVE-2023-29469, CVE-2023-28484, CVE-2022-40304, CVE-2022-40303, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2020-24977
Multiple Vulnerabilities within libxml2
(PSIRT Risk: High)

https://support.broadcom.com/external/content/SecurityAdvisories/0/24612

 

CVE-2022-23990, CVE-2022-22825, CVE-2021-46143, CVE-2019-15903, CVE-2018-20843
Multiple Vulnerabilities within libexpat
(PSIRT Risk: Low)

https://support.broadcom.com/external/content/SecurityAdvisories/0/24611

 

 

CVEs addressed in FOS versions 9.1.1d, 9.2.0b and 9.2.1

CVE-2024-29954
password management API prints sensitive information in log files
(PSIRT Risk: Medium)

https://support.broadcom.com/external/content/SecurityAdvisories/0/23226

 

CVE-2024-29953
Encoded session passwords on session storage for Virtual Fabric platforms
(PSIRT Risk: Medium)

https://support.broadcom.com/external/content/SecurityAdvisories/0/23227

 

CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551
Multiple NTP vulnerabilities resolved
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23228

 

CVE-2023-3817
Excessive time spent checking DH q parameter value
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23230

 

CVE-2023-3446
Excessive time spent checking DH keys and parameters
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23231

 

CVE-2023-2650
Possible DoS translating ASN.1 object identifiers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23233

 

CVE-2023-0466, CVE-2023-0465
OpenSSL Security Advisory [28th March 2023]
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23234

 

CVE-2019-6109
Missing character encoding in progress display allows for spoofing of scp client output
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23229




CVEs addressed in FOS versions 9.2.0b and 9.2.1

CVE-2023-2975
AES-SIV implementation ignores empty associated data entries
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23232

 

CVE-2023-0464
Excessive Resource Usage Verifying X.509 Policy Constraints
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/23235

 

 

 

CVEs addressed in FOS versions 9.2.0 and 9.2.1


CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22400

 

CVE-2023-31928
XSS vulnerability in Brocade Webtools
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22390

 

CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22393

 

CVE-2022-2097
AES OCB fails to encrypt some bytes
(PSIRT Risk: Medium) -- Only impacts Brocade G730 platform
https://support.broadcom.com/external/content/SecurityAdvisories/0/22394

 

CVE-2021-20193
This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22401

 

CVE-2018-14348
libcgroup up to and including 0.41 creates file with mode 0666 regardless of the configured umask, leading to disclosure of information
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22404

 

CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 

(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22399

 

CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service 

(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22398

 

CVE-2011-4917
Information disclosure in Linux kernels through 3.1 

(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22395

 

CVE-2022-28615
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22355

 

CVE-2022-28614
The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22354

 

CVE-2022-2068

openssl file names of certificates being hashed were possibly passed to a command executed through the shell 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22396

 

CVE-2022-0322
A flaw was found in the sctp_make_strreset_req function in net sctp sm_make_chunk.c 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22356

 

CVE-2021-4154
use-after-free flaw found in cgroup1_parse_param (possible denial of service) 

(PSIRT Risk:Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22344

 

CVE-2020-15861
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22397

 

CVE-2018-25032
Zlib memory corruption when deflating (i.e. when compressing) 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22342

 

 

 

CVEs addressed in FOS versions 9.1.1d, 9.2.0a and 9.2.1

CVE-2023-4163
Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
(PSIRT Risk: Medium)

https://support.broadcom.com/external/content/SecurityAdvisories/0/22514

 

CVE-2023-4162
Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
(PSIRT Risk: Medium)

https://support.broadcom.com/external/content/SecurityAdvisories/0/22513

 

 

 

CVEs addressed in FOS versions 9.1.1d1, 9.2.0 and 9.2.1


CVE-2023-3454
Remote code execution (RCE) vulnerability in Brocade Fabric OS
(PSIRT Risk: High)

https://support.broadcom.com/external/content/SecurityAdvisories/0/23215

 

 

CVEs addressed in FOS versions 9.1.1d, 9.2.0 and 9.2.1

CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs
(PSIRT Risk: High)

https://support.broadcom.com/external/content/SecurityAdvisories/0/22402

 

CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation 

(PSIRT Risk: Low)

https://support.broadcom.com/external/content/SecurityAdvisories/0/22403

 

 

 

CVEs addressed in FOS versions 9.1.1c, 9.2.0 and 9.2.1

CVE-2023-31926
Arbitrary File Overwrite using less command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22388


CVE-2023-31432
Privilege issues in multiple commands (portcfgupload, configupload, license, myid)
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22385

 

CVE-2023-31427
Local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22379

 

CVE-2023-31426
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22377

 

CVE-2023-31927
An information disclosure in the web interface of Brocade Fabric OS
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22389

 

CVE-2023-31431
A buffer overflow vulnerability in “diagstatus” command
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22384

 

CVE-2023-31430
buffer overflow vulnerability in “secpolicydelete” command
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22381

 

CVE-2023-31429
Vulnerability in multiple CLI commands (chassisdistribute, reboot, rasman, errmoduleshow, errfilterset, chassiscfgperrthreshold, supportshowcfgdisable, supportshowcfgenable)
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22408

CVE-2023-31428
CLI allows upload or transfer files of dangerous types
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22380

 

CVE-2022-44792
Potential Denial of Service exploit in Net-SNMP
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22343

 

CVE-2022-23219
GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22350

 

CVE-2021-45486
net ipv4 route.c has an information leak because the hash table is very small
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22352

 

CVE-2021-45485
net ipv6 output_core.c has an information leak because of certain use of a hash
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22351

 

CVE-2021-3800
Flaw in glib could leak content from files owned by privileged users to unprivileged ones
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22348

 

CVE-2021-0146
Hardware allows activation of test or debug logic
(PSIRT Risk: Medium) -- Only impacts Brocade G730 platform
https://support.broadcom.com/external/content/SecurityAdvisories/0/22353

 

CVE-2020-36558
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22392

 

CVE-2020-36557
Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing opening of ttys could lead to a use-after-free
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22378

 

CVE-2020-14145
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22345

   

CVE-2018-7738
Potential privilege escalation by embedding shell commands in a mountpoint name 

(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22341

 

CVE-2022-24448
nfs_atomic_open() performs a regular lookup 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22349

 

 

 

CVEs addressed in FOS versions 9.1.1, 9.2.0 and 9.2.1

CVE-2023-31425
Privilege escalation via the fosexec command
(PSIRT Risk: High)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22407

 

CVE-2021-41617
A flaw in OpenSSH helper programs could lead to local privilege escalation
(PSIRT Risk: Medium)
https://support.broadcom.com/external/content/SecurityAdvisories/0/22340

 

CVE-2022-0778
Infinite loop in BN_mod_sqrt() reachable when parsing certificates 

(PSIRT Risk: Low)
https://support.broadcom.com/external/content/SecurityAdvisories/0/21226

 

 

Revision History

Version

Change

Date

1.0

Initial Publication

 September 26, 2024

2.0

BSA postings for FOS 9.2.0c, 9.2.0c1, 9.2.1a1 and 9.2.2

 November 12, 2024

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.