Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Uncategorized

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Multiple flaws in Brocade SANnav storage area network (SAN) management application can allow to compromise impacted appliances. Multiple vulnerabilities found in the Brocade SANnav storage area network (SAN) management application could potentially compromise affected appliances. The following vulnerabilities, discovered by the security researcher Pierre Barre, impact all versions up to 2.3.0 (included): The most severe […]

Bitwarden

Multiple flaws in Brocade SANnav storage area network (SAN) management application can allow to compromise impacted appliances.

Multiple vulnerabilities found in the Brocade SANnav storage area network (SAN) management application could potentially compromise affected appliances.

The following vulnerabilities, discovered by the security researcher Pierre Barre, impact all versions up to 2.3.0 (included):

  1. CVE-2024-4159 – Incorrect firewall rules
  2. non-assigned CVE vulnerability – Lack of encryption for management protocol (HTTP)
  3. CVE-2024-4161 – Syslog traffic sent in clear-text
  4. CVE-2024-29966 – Insecure root access
  5. non-assigned CVE vulnerability – Insecure sannav access
  6. CVE-2024-2859 – Insecure SSH configuration
  7. CVE-2024-29961 – Suspicious network traffic (ignite.apache.org)
  8. non-assigned CVE vulnerability – Lack of authentication in Postgres
  9. CVE-2024-29967 – Insecure Postgres Docker instance
  10. CVE-2024-29967 – Insecure Docker instances
  11. CVE-2024-29964 – Insecure Docker architecture and configuration
  12. CVE-2024-29965 – Insecure Backup process
  13. CVE-2024-4159 – Inconsistency in firewall rules
  14. CVE-2024-29962 – Insecure file permissions
  15. CVE-2024-4173 – Kafka reachable on the WAN interface and Lack of authentication
  16. CVE-2024-29960 – Hardcoded SSH Keys
  17. CVE-2024-29961 – Suspicious network traffic (www.gridgain.com)
  18. CVE-2024-29963 – Hardcoded Docker Keys

The most severe flaw is an Insecure SSH configuration tracked as CVE-2024-2859 (CVSS score of 8.8). An unauthenticated, remote attacker can exploit the vulnerability to log in to a vulnerable device using the root account and execute arbitrary commands.

Another severe issue is related to the presence of Hardcoded Docker Keys tracked as CVE-2024-29963 (CVSS score of 8.6).

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. According to the advisory published by Broadcom, Brocade SANnav doesn’t have access to remote Docker registries, and knowledge of the keys is a minimal risk as SANnav is prevented from communicating with Docker registries.

“The security assessment was provided in September 2022 to the Brocade support through Dell but it was rejected by Brocade because it didn’t address the latest version of SANnav.” wrote Barre.

“Luckily, I was able to get access to the latest version of SANnav in May 2023 (the latest version was 2.2.2 then) and confirmed that all the previously rejected vulnerabilities were still present in the version 2.2.2 and as a bonus point, I was able to find 3 additional 0-day vulnerabilities while updating the report. An updated report confirming all the vulnerabilities in the 2.2.2 version was sent to Brocade PSIRT in May 2023 and they finally aknowledged the vulnerabilities. The patches were released in April 2024, 19 months after Brocade firstly rejected the vulnerabilities and 11 months after Brocade acknowledged the vulnerabilities. An attacker can compromise a SANNav appliance. After compromising SANNav, it is trivial to compromise Fibre Channel switches. These switches are running Linux and are powerful. They are ideal to host implants.”

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Brocade)