A Vulnerability in Brocade Fabric OS Could Allow for Arbitrary Command Injection

ITS ADVISORY NUMBER:
2023-002

DATE(S) ISSUED:
01/04/2023

SUBJECT:
A Vulnerability in Brocade Fabric OS Could Allow for Arbitrary Command Injection

OVERVIEW:
A vulnerability has been discovered in Brocade Fabric OS, which could allow an attacker to execute arbitrary commands on the targeted system. Brocade Fabric OS software is used by IBM b-type SAN directors and switches. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on a Brocade Fabric OS switch. Depending on the setup of the device, an attacker would then be capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch’s IP address.

THREAT INTELLIGENCE:
There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Brocade Fabric OS v9.1.1_01 and prior
  • Brocade Fabric OS v9.0.1e1 and prior
  • Brocade Fabric OS v8.2.3c1 and prior
  • Brocade Fabric OS v7.4.2j1 and prior

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
A vulnerability has been discovered in Brocade Fabric OS, which could allow an attacker to execute arbitrary commands on the targeted system. Details of this vulnerability are as follows:

Tactic: Execution (TA00041):

     Technique: Native Code (T1575), Command and Scripting Interpreter (T1059):

  • CVE-2022-33186 – A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier could allow a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system. The vulnerability lies in the EZswitch software embedded in Brocade Fabric OS. EZswitch is a tool used during initial switch configuration that allows SAN administrators to configure and manage single-switch fabrics from a standard workstation.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on a Brocade Fabric OS switch. Depending on the setup of the device, an attacker would then be capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch’s IP address.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate patches provided by Brocade Communications Systems to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
    • Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
    • Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
    • Safeguard 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
    • Safeguard 10.5: Enable anti-exploitation features on enterprise assets and software, where possible, such as Apple® System Integrity Protection (SIP) and Gatekeeper™.
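The following is an added example, not part of this advisory or of any Brocade or IBM tooling. It supports the vulnerability-management steps above by parsing Brocade Fabric OS version strings in the format the SYSTEMS AFFECTED section uses (v9.1.1_01, v9.0.1e1, v8.2.3c1, v7.4.2j1) and flagging inventory entries at or below each listed ceiling within the same release train. The inventory lines are constructed samples, the "host version" inventory format is an assumption, and the relative ordering of a letter suffix against an "_NN" build suffix is an assumption about Brocade's numbering; versions above a ceiling or in an unlisted train are reported as such rather than declared fixed, since this advisory does not list fixed versions.

```python
import re
from typing import List, NamedTuple, Tuple

# Ceilings copied from the advisory's SYSTEMS AFFECTED list, keyed by
# release train (major, minor). "and prior" is read as any version in the
# same train that sorts at or below the ceiling.
AFFECTED_CEILINGS = {
    (9, 1): "v9.1.1_01",
    (9, 0): "v9.0.1e1",
    (8, 2): "v8.2.3c1",
    (7, 4): "v7.4.2j1",
}

# Accepts: v9.1.1, 9.1.1_01, v9.0.1e, v9.0.1e1, v8.2.3c1 (leading "v" optional).
_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?P<letter>[a-z])?(?P<letter_num>\d+)?(?:_(?P<build>\d+))?$"
)


class FosVersion(NamedTuple):
    """Tuple ordering gives the comparison: major, minor, patch, then suffixes."""
    major: int
    minor: int
    patch: int
    letter: int      # 0 = no letter, 1 = 'a', 2 = 'b', ...
    letter_num: int  # digit following the letter (e1 -> 1), 0 if absent
    build: int       # "_NN" suffix as an integer, 0 if absent (assumed ordering)


def parse_version(text: str) -> FosVersion:
    """Parse a Fabric OS version string; raises ValueError on unknown formats."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Fabric OS version string: {text!r}")
    letter = m.group("letter")
    return FosVersion(
        int(m.group("major")),
        int(m.group("minor")),
        int(m.group("patch")),
        ord(letter) - ord("a") + 1 if letter else 0,
        int(m.group("letter_num") or 0),
        int(m.group("build") or 0),
    )


def assess(version_text: str) -> str:
    """Classify one version: 'affected', 'above-ceiling', or 'unlisted-train'."""
    v = parse_version(version_text)
    ceiling = AFFECTED_CEILINGS.get((v.major, v.minor))
    if ceiling is None:
        return "unlisted-train"          # train not named in the advisory
    return "affected" if v <= parse_version(ceiling) else "above-ceiling"


def scan_inventory(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Apply assess() to constructed 'host version' lines; skip blanks/comments."""
    results = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, version = line.split()
        results.append((host, version, assess(version)))
    return results


# Constructed sample inventory (hypothetical hostnames, not real devices).
SAMPLE_INVENTORY = [
    "# host version",
    "san-dir-01 v9.1.1_01",
    "san-sw-02 v8.2.3c1",
    "san-sw-03 v7.4.2j1",
    "san-sw-04 v9.2.0",
]

if __name__ == "__main__":
    for host, version, verdict in scan_inventory(SAMPLE_INVENTORY):
        print(f"{host:12} {version:12} {verdict}")
```

Feed real `firmwareshow` or `version` output through the same `assess()` after extracting the version token; anything reported as affected goes into the patch queue, and anything above a ceiling should still be checked against the Broadcom advisory linked below for the fixed release.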

REFERENCES:

IBM:
https://www.ibm.com/support/pages/node/6852173

Broadcom:
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2121

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33186