CVE-2022-33182: A privilege escalation vulnerability in the Brocade Fabric OS CLI could let a local user escalate their privileges to root using the 'supportlink' and 'firmwaredownload' commands.

Brocade recommends updating to the latest release to avoid this issue. Brocade recommends installing the CLI update. Brocade also recommends applying the following rules: Brocade recommends disabling all Brocade SwitchOS commands. Brocade recommends restricting the use of Brocade SwitchOS commands to only the following: adding a port to the device, downloading a firmware image, loading a license, and executing a specific command. Brocade Fabric OS will block the following Brocade SwitchOS commands: supportlink, firmwaredownload, portcfgupload, license, fosexec, and some other commands.

Brocade Fabric OS v9.0.1e, v9.1.0, v8.2.3c, v8.2.0cbn5, v10.0.0, and v10.0.1, Brocade VDX 8810, and Brocade VDX 8821P

To avoid this issue, Brocade recommends updating to Brocade Fabric OS v9.0.1e or v9.1.0.
The following rules are recommended:
Brocade recommends disabling all Brocade SwitchOS commands.
Brocade recommends restricting the use of Brocade SwitchOS commands to only the following: adding a port to the device, downloading a firmware image, loading a license, and executing a specific command.
Brocade Fabric OS will block the following Brocade SwitchOS commands: supportlink, firmwaredownload, portcfgupload, license, and some other commands.

Extra DNS Forwarding

If you are using a Brocade switch with software version v9.0.1e, v9.1.0, or v8.2.3c, you must also enable extra DNS forwarding so that clients can find the DHCP server to update their DNS settings and can resolve hostnames during a switch reboot when DHCP has been disabled on the switch.

Important Notes

Brocade recommends updating to the latest release. Brocade also recommends applying the following rules: Brocade recommends disabling all Brocade SwitchOS commands. Brocade recommends restricting the use of Brocade SwitchOS commands to only the following: adding a port to the device, downloading a firmware image, loading a license, and executing a specific command.

Timeline

Published on: 10/25/2022 21:15:00 UTC
Last modified on: 10/28/2022 13:28:00 UTC
