April 25, 2024 at 08:15AM
Pierre Barre warned of multiple vulnerabilities in the Brocade SANnav application, allowing for compromise of the appliance and Fibre Channel switches. The flaws included unauthenticated access, backdoor accounts, exposed credentials, and insecure Docker instances. After initial rejection, the issues were patched in SANnav version 2.3.1, released in December 2023.
Key takeaways from the meeting notes:
– There were a total of 18 flaws in the Brocade SANnav storage area network (SAN) management application, including unauthenticated issues allowing remote attackers to log in to vulnerable devices as root.
– Nine of these flaws were assigned CVE identifiers, including CVE-2024-2859 and CVE-2024-29960 through CVE-2024-29967, with three of them potentially compromising the entire Fibre Channel infrastructure.
– The vulnerabilities included the lack of default firewall, use of HTTP as the management protocol, clear-text syslog traffic, and backdoor user accounts with known passwords.
– Other issues involved root access being available by default, insecure options in an OpenSSH configuration file, and the appliance sending HTTPS requests to two domains without explanation.
– The Postgres running without authentication was accessible from any Docker instance, allowing unauthenticated access to sensitive information and administrative credentials.
– The researcher also identified vulnerabilities in 40 different Docker instances, including extensive permissions that could allow an attacker to take control of the appliance.
– The flaws were initially discovered in 2022, in SANnav version 2.1.1, and were subsequently acknowledged and patched in SANnav version 2.3.1, released in December 2023.
– Hewlett Packard Enterprise (HPE) announced that patches for eight of these flaws were included in HPE SANnav Management Portal versions 2.3.0a and 2.3.1.