Summary

Security Advisory ID : BSA-2018-526

Component : Fabric OS IPv6 stack

Revision : 2.0: Final

A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) could allow an unauthenticated, adjacent attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. All versions of Brocade Fabric OS are affected.

Affected Products

Brocade Fabric OS -- Impacted: Fixed in v7.4.2c, v8.1.2 and v8.2.0

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Solution

Brocade has fixed the vulnerability described in this advisory in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) v7.4.2c, v8.1.2, v8.2.0 and later releases. The patch releases have been posted to the MyBrocade web portal.

Workaround

To exploit this vulnerability, an attacker must be on the same local network as the targeted system. Minimizing exposure to this vulnerability can be done by using firewall and ipfilter to limit access to switch to trusted hosts only.

Recommended Action

Brocade strongly recommends that all customers running the impacted version(s) install the patch.

Credit

This vulnerability has been found through internal SQA testing.

Revision History