April 30, 2024

Broadcom Published Security Advisories for Multiple 0-Day Vulnerabilities in Brocade SANnav

Pierre Barre, an independent security researcher, has disclosed 18 0-day vulnerabilities in Brocade SANnav and reported them to the product's vendor, Broadcom (which also owns Symantec's enterprise security business and VMware). According to the researcher, several of these findings were first reported to the vendor in a September 2022 security assessment, but Brocade rejected them because the assessment did not target the latest SANnav release. When the researcher re-tested the latest version, the earlier issues were still present and three new 0-day vulnerabilities turned up on top of them. This post walks through the disclosed vulnerabilities, their impact, the affected versions, and the protection and mitigation measures available.

A Short Note About Brocade SANnav

Brocade SANnav is Broadcom's management software for Brocade Fibre Channel storage area networks (SANs). It ships as a virtual appliance (OVA) that gives IT teams a single web-based place to configure, monitor and troubleshoot Fibre Channel switches and fabrics, with real-time monitoring and alerting, analytics, and integration with other management tools. The security-relevant point is that the appliance holds administrative credentials for every switch it manages (its backups contain the passwords of all the switches, see CVE-2024-29965 below), so compromising SANnav is effectively compromising the whole fabric.

List of Vulnerabilities Disclosed in Brocade SANnav

The security researcher, Pierre Barre, disclosed a total of 18 vulnerabilities in Brocade SANnav, including several critical issues that could lead to unauthorized access, data manipulation and full compromise of the appliance. The CVE-assigned findings are listed first, followed by the issues that did not receive a CVE:

1. CVE-2024-2859 - Root access permitted by default and several insecure options set:

  • The root password of the SANnav appliance is publicly known and documented

  • The default SSH configuration permits root login and leaves other insecure options enabled

2. CVE-2024-4173 - Brocade SANnav OVA versions expose Kafka on the WAN interface:

  • The Kafka APIs are reachable on ports 18081 (HTTP) and 18082 (HTTPS) from the WAN interface

  • Kafka accepts connections without authentication, so an attacker can inject malicious data and potentially cause a denial-of-service (DoS) condition

3. CVE-2024-4161 - Syslog traffic sent in clear text:

  • The SANnav appliance receives syslog datagrams from Brocade switches unencrypted, so anyone on the network path can read them in transit

4. CVE-2024-4159 - Missing protection mechanisms (inconsistent firewall rules):

  • Firewall rules differ between IPv4 and IPv6, so services that are blocked over IPv4 can still be reached over IPv6, expanding the attack surface

  • No proper network segmentation or access control between the appliance's services

5. CVE-2024-29960 - Hard-coded and identical SSH keys inside the OVA image:

  • The SSH keys shipped in the SANnav OVA image are hard-coded and identical across every installation

  • Anyone who extracts them from the image can impersonate the appliance to SSH clients, intercept sessions and compromise the appliance

6. CVE-2024-29961 - Ping at regular intervals

7. CVE-2024-29962 - Insecure file permission settings that make files world-readable:

  • Sensitive files containing passwords and logs are readable by every local user

  • A local attacker can extract the passwords and compromise the appliance

8. CVE-2024-29963 - Hard-coded keys used by Docker to reach remote registries over TLS:

  • The SANnav OVA image contains hard-coded keys that Docker uses to reach remote registries over TLS

  • An attacker who has these keys can perform man-in-the-middle (MITM) attacks on that traffic and decrypt it

9. CVE-2024-29964 - Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration:

  • Insecure permissions and no segmentation between the Docker instances

  • Sensitive information is shared across instances through environment variables

10. CVE-2024-29965 - A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches:

  • Backup files are world-readable, so any local user can copy them

  • Restoring a copied backup into an attacker-controlled appliance yields the passwords of every switch in the backup

11. CVE-2024-29966 - Hard-coded credentials in the documentation that appear as the root password:

  • The SANnav documentation publishes a hard-coded root password

12. CVE-2024-29967 - Docker instances inside the appliance have insecure mount points, allowing read and write access to sensitive files:

  • Several Docker instances have read/write access to sensitive directories and files on the host system

  • An attacker inside one of these containers can manipulate critical host files and compromise the appliance
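To make the firewall finding (item 4) and the Kafka exposure (item 2) concrete, here is an added example, written for this post and not taken from the researcher's advisory or from Broadcom, that evaluates the INPUT chain of an iptables-save dump and an ip6tables-save dump for the same TCP ports and reports every port whose verdict differs between IPv4 and IPv6. The two rule dumps are constructed to mirror the "inconsistent rules" description (an IPv4 chain that drops by default and an IPv6 chain that never got a matching policy); the interface name eth0 is an assumption, and the ports 18081/18082 come from the list above. The evaluator only understands the matchers used in the samples (-i, -p, --dport and conntrack state) and treats any other matcher as matching, so it is a screening check, not a full iptables simulator.

```python
"""Compare IPv4 and IPv6 INPUT-chain verdicts for the same TCP ports.
The two rule dumps below are constructed in iptables-save format to mirror
the 'inconsistent firewall rules' finding; they are not from a real appliance."""
import re

SAMPLE_IPTABLES_V4 = """\
# hypothetical output of `iptables-save`: default-deny, only SSH and HTTPS open
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

SAMPLE_IPTABLES_V6 = """\
# hypothetical output of `ip6tables-save`: nobody ever set a policy here
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""

# Ports from the advisory list above (SSH, HTTPS, Kafka HTTP/HTTPS).
PROBE_PORTS = [22, 443, 18081, 18082]

POLICY_RE = re.compile(r"^:INPUT (\S+)")
RULE_RE = re.compile(r"^-A INPUT\s+(?P<spec>.*?)\s*-j\s+(?P<target>\S+)")


def tcp_port_verdict(rules_text, port, iface="eth0"):
    """First-match evaluation of the INPUT chain for a *new* TCP connection to
    `port` arriving on `iface` (assumed WAN interface name). Returns "ACCEPT"
    or "DROP" (REJECT counts as DROP). Only -i, -p, --dport and conntrack/state
    matchers are understood; any other matcher is assumed to match."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policy = m.group(1)
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        spec, target = m.group("spec"), m.group("target")
        in_if = re.search(r"(?:^|\s)-i (\S+)", spec)
        proto = re.search(r"(?:^|\s)-p (\S+)", spec)
        dport = re.search(r"--dport (\d+)", spec)
        if in_if and in_if.group(1) != iface:
            continue
        if proto and proto.group(1) != "tcp":
            continue
        if dport and int(dport.group(1)) != port:
            continue
        if "ESTABLISHED" in spec and "NEW" not in spec:
            continue  # state-tracking rule that never matches a fresh SYN
        if target in ("ACCEPT", "DROP", "REJECT"):
            return "DROP" if target == "REJECT" else target
        # jumps to user-defined chains are not followed; keep evaluating
    return "DROP" if policy in ("DROP", "REJECT") else "ACCEPT"


def firewall_asymmetry(v4_rules, v6_rules, ports=PROBE_PORTS):
    """Return {port: (ipv4_verdict, ipv6_verdict)} for every port whose
    verdict differs between the two address families."""
    result = {}
    for port in ports:
        v4, v6 = tcp_port_verdict(v4_rules, port), tcp_port_verdict(v6_rules, port)
        if v4 != v6:
            result[port] = (v4, v6)
    return result


if __name__ == "__main__":
    for port, (v4, v6) in firewall_asymmetry(SAMPLE_IPTABLES_V4, SAMPLE_IPTABLES_V6).items():
        print(f"tcp/{port}: IPv4 {v4}, IPv6 {v6}")
```

On a real appliance, feed it the output of `iptables-save` and `ip6tables-save` (both run as root) together with the TCP ports SANnav listens on; any port that comes back ACCEPT only for IPv6 is exactly the gap the advisory describes, and the fix is to give both tables the same default policy and the same allow list.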

Additionally, the researcher found several issues that were not assigned CVE numbers:

  • Insecure SANnav access using an undocumented user account: an undocumented "SANnav" user account with a hard-coded password grants access to the appliance

  • HTTPS configuration issues between the Brocade SANnav Management Portal and Brocade SAN switches: insecure options allow a fallback to clear-text HTTP, exposing sensitive data

  • Lack of encryption for the management protocol (HTTP): the appliance communicates with the switches over clear-text HTTP, so an attacker on the network path can intercept sensitive information

  • Lack of authentication in the Postgres databases: the Postgres databases inside the appliance accept connections without authentication, giving anyone who can reach them access to the data
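The Postgres item above comes down to pg_hba.conf: a `trust` entry lets any client matching the line connect as any database user without presenting a credential at all. As an added example for this post (not the appliance's real configuration and not code from the researcher or Broadcom), here is a small pg_hba.conf audit with a constructed weak file beside a constructed hardened one. It flags the `trust` and `password` (clear-text) methods and any `host` entry that accepts non-loopback clients without requiring TLS; the networks 10.0.0.0/24 and 192.168.1.0/24 are placeholders.

```python
"""Audit pg_hba.conf entries for unauthenticated or clear-text access.
Both configs below are constructed samples, not the appliance's own files."""
import ipaddress

WEAK_PG_HBA = """\
# hypothetical, insecure: every client on every network gets in with no password
local   all   all                 trust
host    all   all   0.0.0.0/0     trust
host    all   all   ::/0          trust
"""

HARDENED_PG_HBA = """\
# hypothetical, hardened: local sockets use peer auth, TCP clients must use
# TLS (hostssl) or loopback, and a hashed password exchange (scram-sha-256)
local   all   all                 peer
host    all   all   127.0.0.1/32  scram-sha-256
host    all   all   ::1/128       scram-sha-256
hostssl all   all   10.0.0.0/24   scram-sha-256
"""

# trust = no credential at all; password = credential sent in clear text
WEAK_METHODS = {
    "trust": "no credential required",
    "password": "password sent in clear text",
}


def parse_pg_hba(text):
    """Yield (normalized_entry, type, address, method) for each active entry.
    'local' entries have no address column; comments and short lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "local" and len(fields) >= 4:
            yield " ".join(fields), "local", None, fields[3]
        elif len(fields) >= 5:
            yield " ".join(fields), fields[0], fields[3], fields[4]


def is_loopback(address):
    """True for 127.0.0.0/8 and ::1. Hostnames and keywords such as
    'samehost' are conservatively treated as non-loopback."""
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False


def audit_pg_hba(text):
    """Return [(entry, reason)] for entries that allow unauthenticated or
    clear-text access, or that reach non-loopback clients without TLS."""
    findings = []
    for entry, conn_type, address, method in parse_pg_hba(text):
        if method in WEAK_METHODS:
            findings.append((entry, WEAK_METHODS[method]))
        elif conn_type in ("host", "hostnossl") and not is_loopback(address):
            findings.append((entry, f"non-TLS TCP access from {address}"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_PG_HBA), ("hardened", HARDENED_PG_HBA)):
        print(name, audit_pg_hba(conf))
```

Note that pg_hba.conf is evaluated top to bottom and the first matching line wins, so a `trust` line near the top silently overrides every stricter line below it; the audit therefore reports every weak line rather than only the first.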

These findings add up to a long list of weaknesses in Brocade SANnav, and several of them chain together. Successful exploitation could let an attacker gain unauthorized access to critical systems, manipulate sensitive data and disrupt business operations: take control of the SANnav appliance and, through the credentials it stores, of the connected SAN switches; read clear-text management and syslog traffic; and use the appliance as a foothold to move laterally within the network. Hard-coded credentials and insecure defaults make this easier because they are the same on every installation. Organizations must prioritize patching and the mitigations below to safeguard their SAN infrastructure and reduce the risk of a breach, intellectual property theft, financial loss and reputational damage.

Affected Versions of Brocade SANnav

According to the security researcher, the vulnerabilities affect Brocade SANnav releases up to and including 2.3.0, which covers version 2.2.2, the latest release at the time of the original report. Broadcom's advisories name 2.3.1 and 2.3.0a as the fixed releases. Organizations should check the version of every SANnav deployment they run and confirm that the corresponding patches and updates have been applied.

How Can Organizations Protect their SANnav Systems from these Vulnerabilities?

To protect their SANnav systems from the disclosed vulnerabilities, organizations should:

  • Upgrade to Brocade SANnav 2.3.1 or 2.3.0a or later, the releases Broadcom's advisories name as fixed, and keep the firmware on the connected Brocade switches and other SAN devices current as well

  • Harden what the advisories call out, and verify it after upgrading: change the documented root password, disable root login and password authentication over SSH, replace the SSH host keys shipped in the OVA with freshly generated ones, make the IPv4 and IPv6 firewall rules identical so that Kafka (ports 18081/18082) and the Postgres databases cannot be reached from the WAN interface, tighten the permissions on backup and log files, and prevent the HTTPS-to-HTTP fallback between the portal and the switches

  • Monitor and audit the appliance: alert on SSH logins as root or as the undocumented "SANnav" account, on connections to Kafka or Postgres from anything other than the appliance itself, and on backup files being read by unexpected users; include SANnav in regular vulnerability assessments and penetration tests, and cover it in incident response plans

  • Train administrators on these findings so that a documented default password or an "everything open" firewall is recognized and reported as a finding rather than accepted as a convenience
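Two of the hardening items above can be checked mechanically. The following added example, written for this post and not taken from Broadcom or the researcher, audits an sshd_config for the options behind the "root access permitted by default" finding (CVE-2024-2859) and walks a directory tree for regular files whose "other" permission bits grant read or write access, the condition behind the world-readable password, log and backup files (CVE-2024-29962, CVE-2024-29965). The sshd_config and the directory tree are constructed samples: the file names (db.properties, app.log, sannav-backup.tar.gz) are illustrative and are not the appliance's real paths.

```python
"""Post-upgrade hardening checks for two of the findings above: sshd options
that permit root login, and sensitive files readable by every local user.
All inputs are constructed samples; nothing here is read from a real appliance."""
import os
import re
import shutil
import stat
import tempfile

# --- sshd_config audit (root access permitted by default) ---

SAMPLE_SSHD_CONFIG = """\
# hypothetical appliance /etc/ssh/sshd_config, not the real file
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
"""

# keyword -> (sshd's compiled-in default, values this audit accepts)
SSHD_POLICY = {
    "permitrootlogin": ("prohibit-password", {"no", "prohibit-password"}),
    "passwordauthentication": ("yes", {"no"}),
    "permitemptypasswords": ("no", {"no"}),
    "x11forwarding": ("no", {"no"}),
}


def parse_sshd_config(text):
    """Return {keyword: value} with keywords lower-cased. As in sshd, the first
    occurrence of a keyword wins; comments and blank lines are ignored."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), value)
    return seen


def audit_sshd_config(text):
    """Return {keyword: effective_value} for every policy keyword whose
    effective value (explicit, or sshd's default if absent) is not allowed."""
    conf = parse_sshd_config(text)
    return {key: conf.get(key, default)
            for key, (default, allowed) in SSHD_POLICY.items()
            if conf.get(key, default) not in allowed}


# --- file permission audit (world-readable passwords, logs, backups) ---

def world_accessible_files(root):
    """Walk `root` and return {relative_path: octal_mode} for every regular
    file whose 'other' bits grant read or write access. Symlinks are skipped
    (lstat) so a planted link cannot redirect the check elsewhere."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = format(stat.S_IMODE(st.st_mode), "04o")
    return findings


# Constructed tree: names are illustrative, not the appliance's real paths.
SAMPLE_TREE = {
    "conf/db.properties": 0o644,           # credentials readable by every local user
    "conf/keystore.jks": 0o600,            # owner-only: fine
    "logs/app.log": 0o664,                 # log readable by everyone
    "backup/sannav-backup.tar.gz": 0o640,  # group-only: fine
}


def demo_scan(tree=SAMPLE_TREE):
    """Build the sample tree in a temporary directory, scan it, clean up,
    and return the findings."""
    root = tempfile.mkdtemp(prefix="sannav-perm-audit-")
    try:
        for rel, mode in tree.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample content\n")
            os.chmod(path, mode)
        return world_accessible_files(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print("insecure sshd options:", audit_sshd_config(SAMPLE_SSHD_CONFIG))
    print("world-accessible files:", demo_scan())
```

Point `world_accessible_files` at the appliance's configuration, log and backup directories (as root) and hand `audit_sshd_config` the contents of /etc/ssh/sshd_config; an empty result from both is the minimum you want to see before putting an upgraded appliance back on the network.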

By implementing these security measures, organizations can significantly reduce the risk of successful attacks exploiting the disclosed vulnerabilities in Brocade SANnav and maintain the integrity and resilience of their SAN infrastructure.

We hope this post helps you understand the recently published security advisories for the 18 0-day vulnerabilities in Brocade SANnav. Thanks for reading, and please share this post and help secure the digital world.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
