Article Number: 000205092
Critical
Third-party Component | CVE | More information |
Connectrix (Brocade) FOS | CVE-2022-33186 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
Third-party Component | CVE | More information |
Connectrix (Brocade) FOS | CVE-2022-33186 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
CVE Addressed | Product | Affected Versions | Updated Versions | Link to Update |
CVE-2022-33186 | Connectrix (Brocade) FOS | Brocade Fabric OS (FOS) v9.1.1, v9.0.1e, v8.2.3c, and v7.4.2j and earlier | v9.1.1_01 v9.0.1e1, v8.2.3c1 v7.4.2j1 |
Link to update |
CVE Addressed | Product | Affected Versions | Updated Versions | Link to Update |
CVE-2022-33186 | Connectrix (Brocade) FOS | Brocade Fabric OS (FOS) v9.1.1, v9.0.1e, v8.2.3c, and v7.4.2j and earlier | v9.1.1_01 v9.0.1e1, v8.2.3c1 v7.4.2j1 |
Link to update |
To remove any exposure to this vulnerability, Brocade Fabric OS switch administrators must disable EZServer support or upgrade to a version of FOS that has the EZServer module removed.
Disabling EZServer is accomplished by using the CLI command "configurechassis." Disabling the EZServer in the switch configuration prevents any exposure to this vulnerability. This option is only available on FOS versions v8.1.0b and later. Customers running on older versions of FOS, including v7.4.2j, do not have this option and must upgrade to FOS v7.4.2j1 to protect their switches.
Customers that elect to upgrade their FOS version can obtain a patch with the EZServer module removed:
brocadeswitch:admin> configurechassis Configure... cfgload attributes (yes, y, no, n): [no] ssl attributes (yes, y, no, n): [no] webtools attributes (yes, y, no, n): [no] y ... Login Session Timeout (in secs): (60..432000) [7200] EZserver Enabled (yes, y, no, n): [yes] no ... brocadeswitch:admin >
Revision | Date | Description |
1.0 | 2022-11-09 | Initial Release |
2.0 | 2023-02-14 | Corrected "Affected Product" section under "Article Properties." |
14 Feb 2023
Dell Security Advisory