Local Password Exposure in Brocade Fabric OS Services
CVE-2022-28170
6.5 MEDIUM
Summary
The Brocade Fabric OS Web Application services in versions before the fixed releases listed under Affected Version(s) are susceptible to information disclosure. The application fails to adequately protect sensitive server and user passwords because it stores them in debug statements. A local user who can access these debug logs could extract confidential password data, which could significantly compromise system security. Organizations using affected versions should prioritize updating their systems to mitigate this vulnerability.
Affected Version(s)
Brocade Fabric OS versions before v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed