SB2025011368 - Multiple vulnerabilities in Brocade Fabric OS




Published: January 13, 2025

Security Bulletin ID: SB2025011368
Severity: High
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 10% Medium 50% Low 40%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Improper authentication (CVE-ID: CVE-2023-52160)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error in the PEAP implementation. A remote attacker can bypass the authentication process by sending an EAP-TLV Success packet instead of starting Phase 2.

Successful exploitation of the vulnerability requires that wpa_supplicant is configured to not verify the network's TLS certificate during Phase 1 authentication.


2) Use-after-free (CVE-ID: CVE-2024-1086)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in the Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.


3) Resource management error (CVE-ID: CVE-2024-4603)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when checking DSA keys and parameters. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


4) Resource management error (CVE-ID: CVE-2023-6237)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way the EVP_PKEY_public_check() function handles RSA public keys. A remote attacker can supply an RSA key obtained from an untrusted source and perform a denial of service (DoS) attack.


5) State Issues (CVE-ID: CVE-2023-6129)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in POLY1305 MAC (message authentication code) implementation on PowerPC CPU based platforms if the CPU provides vector instructions. A remote attacker can perform a denial of service (DoS) attack.


6) OS Command Injection (CVE-ID: CVE-2022-48624)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Out-of-bounds write (CVE-ID: CVE-2022-1304)

The vulnerability allows a local attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger an out-of-bounds write and execute arbitrary code on the target system.


8) Out-of-bounds read (CVE-ID: CVE-2023-7104)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the sessionReadRecord() function in ext/session/sqlite3session.c when processing a corrupt changeset. A remote user can send a specially crafted request to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.


9) OS Command Injection (CVE-ID: CVE-2024-7517)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation. A local user can execute arbitrary commands with elevated privileges.


10) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2024-7516)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to the ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. A remote attacker can perform a remote service session hijacking attack.


Remediation

Install the update from the vendor's website.