Sensitive Information Exposure in Brocade Fabric OS Switches
CVE-2022-28167

6.5MEDIUM

Key Information:

Vendor: Broadcom
Status: Brocade Sannav
Vendor: CVE Published:; 27 June 2022

Summary

Brocade SANnav versions prior to 2.2.0.2 and 2.1.1.8 log sensitive switch passwords in plain text within the asyncjobscheduler-manager.log file. This exposure can lead to unauthorized access to the network, making it essential for users to update to secure versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Brocade SANnav versions before v2.2.0.2 and v2.1.1.8

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220627-0002/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2022
Vulnerability Reserved
Mar 29, 2022