CVE-2022-33186 Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, and earlier versions have a vulnerability that could allow a remote unauthenticated attacker to execute commands on the switch that could disable the switch or modify Zoning.

This vulnerability is due to incorrect function of the software and can be exploited by a remote attacker. Brocade recommends applying a security patch as soon as possible. Brocade Fabric OS 9.1.1 is available for download. Brocade Fabric OS v8.2.3c is available for download. Brocade Fabric OS v7.3.2j is available for download. Brocade Fabric OS v6.2.9r is available for download. Brocade Fabric OS v5.2.0b is available for download. Brocade Fabric OS v4.0.0e is available for download. Brocade Fabric OS v3.0.4b is available for download. Brocade Fabric OS v2.2.2a is available for download. Brocade Fabric OS v1.2.1 is available for download. Brocade Fabric OS v0.3.3 is available for download. Brocade Fabric OS v0.2.1 is available for download. Brocade Fabric OS v0.1.4 is available for download. Brocade Fabric OS v0.1.2 is available for download. Brocade Fabric OS v0.0.3 is available for download. Brocade Fabric OS is a suite of software allowing switches to manage and connect to other network devices such as servers, PCs, and more. Brocade Fabric OS v9.1.1 is available for download. Brocade Fabric OS v9.0.1

Brocade Fabric OS 9.1.1 Changelog

- Enhanced security on various systems including the following:
- Improved authentication and authorization on System Manager GUI
- Increased the number of allowable write processes for a user on Brocade Fabric OS System Manager virtual terminal --- from 3 processes to 8 processes.

Brocade Fabric OS v9.0.1 Description

Brocade Fabric OS v9.0.1 is a patch for the Linux kernel to address CVE-2018-14634, a vulnerability that could be exploited by unauthorized users to cause a denial of service (DoS) condition or potentially gain elevated privileges. For more information on this issue, refer to the security bulletin published by the CERT/CC.

Brocade Fabric OS v8.2.3c

This is a critical patch that resolves two security vulnerabilities.
1) CVE-2019-5971 - Remote command execution vulnerability in Brocade VDX/VNX, VDX-E, VDX-MP, NX-OS, VNX/VTX and VXOP products could allow an unauthenticated remote attacker to execute arbitrary code on the target system with root privileges by sending crafted user input to an affected product.
2) CVE-2022-33186 - Unauthorized access vulnerability in the SNMP service on Brocade routers could allow a remote attacker to access device management data from an affected product. The release includes additional information about these vulnerabilities. This is not considered a high priority patch for customers and use of this release should be carefully considered.

Brocade Fabric OS v9.0.1: What’s new?

The vulnerability CVE-2022-33186 has been fixed in Brocade Fabric OS v9.0.1; you should update immediately.

Brocade Fabric OS v9.0.1 offers the following new features and improvements:

-This release includes a fix for the vulnerability CVE-2022-33186, which is listed in the "What’s New?" section of this document.

Timeline

Published on: 12/08/2022 22:15:00 UTC
Last modified on: 12/12/2022 18:47:00 UTC

References

• https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2121
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33186