"Brocade Vulnerabilities Could Impact Storage Solutions of Several Major Companies"

Broadcom recently discovered that some of the software provided by its storage networking subsidiary Brocade is affected by several vulnerabilities, and it seems possible that the flaws could impact the products of several major companies. According to Broadcom, the Brocade SANnav storage area network (SAN) management application is affected by nine vulnerabilities. Patches have been made available for these security holes.

Six of the vulnerabilities impact third-party components such as OpenSSL, Oracle Java, and NGINX, and they have been rated “medium severity” or “low severity.” The company noted that exploiting these flaws can allow an attacker, in many cases an unauthenticated attacker, to manipulate data, decrypt data, and cause a denial of service (DoS) condition.

The remaining three vulnerabilities are specific to Brocade SANnav and have been assigned a “high” severity and risk impact rating. The company noted that they can allow attackers to obtain switch and server passwords from log files and intercept potentially sensitive information due to static key ciphers. The security bugs (CVE-2022-28167, CVE-2022-28168, and CVE-2022-28166) were discovered internally, and there is no evidence of exploitation in the wild. Organizations are urged to download the latest updates in order to mitigate the vulnerabilities.

 

SecurityWeek reports: "Brocade Vulnerabilities Could Impact Storage Solutions of Several Major Companies"

Submitted by Anonymous on