First published: Mon May 09 2022(Updated: )
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.
Credit: sirt@brocade.com
Affected Software | Affected Version | How to fix |
---|---|---|
Brocade SANNav | <2.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this information exposure through log file vulnerability is CVE-2022-28161.
CVE-2022-28161 has a severity level of medium.
Brocade SANNav versions before Brocade SANnav 2.2.0 are affected by CVE-2022-28161.
An authenticated local attacker can exploit CVE-2022-28161 by viewing sensitive information such as ssh passwords in the filetansfer.log file in debug mode.
Yes, the fix for CVE-2022-28161 is to update to Brocade SANNav version 2.2.0 or later.