Brocade SANnav Management Software Vulnerabilities Allow Device Compromise

April 29, 2024

Multiple vulnerabilities have been identified in Brocade's SANnav storage area network (SAN) management application, posing a potential threat to affected devices. These vulnerabilities are present in all versions up to and including 2.3.0. The most significant of these is an insecure SSH configuration, identified as CVE-2024-2859, which has a CVSS score of 8.8. This vulnerability could be exploited by an unauthenticated, remote attacker to log into a vulnerable device using the root account and execute arbitrary commands.

Another major vulnerability is related to the presence of hardcoded Docker keys, identified as CVE-2024-29963, with a CVSS score of 8.6. This issue affects Brocade SANnav OVA versions prior to v2.3.1 and v2.3.0a. These versions contain hardcoded TLS keys used by Docker. However, according to an advisory published by Broadcom, the risk associated with this vulnerability is minimal as SANnav does not have access to remote Docker registries and is prevented from communicating with Docker registries.

These vulnerabilities were initially discovered by security researcher Pierre Barre and reported to Brocade through Dell in September 2022. However, Brocade initially rejected the report because it did not address the latest version of SANnav. “The security assessment was provided in September 2022 to the Brocade support through Dell but it was rejected by Brocade because it didn’t address the latest version of SANnav.” wrote Barre.

Barre was able to access the latest version of SANnav in May 2023 and confirmed that the previously rejected vulnerabilities were still present in version 2.2.2. Additionally, he discovered three additional 0-day vulnerabilities. After re-submitting his report, Brocade acknowledged the vulnerabilities in May 2023. The company released patches for these issues in April 2024, 19 months after the initial rejection and 11 months after acknowledging the vulnerabilities.

These vulnerabilities could allow an attacker to compromise a SANNav appliance and, subsequently, Fibre Channel switches. “An attacker can compromise a SANNav appliance. After compromising SANNav, it is trivial to compromise Fibre Channel switches. These switches are running Linux and are powerful. They are ideal to host implants.”

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.