Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000205092


DSA-2022-304: Dell Connectrix (Brocade) Security Update for EZswitch Vulnerability

Summary: Dell Connectrix (Brocade) remediation is available for an EZswitch vulnerability in Brocade Fabric OS (FOS) software that may be exploited by malicious users to compromise the affected system. ...

Article Content


Impact

Critical

Details
Third-party Component CVE More information
Connectrix (Brocade) FOS CVE-2022-33186 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Third-party Component CVE More information
Connectrix (Brocade) FOS CVE-2022-33186 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
CVE Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-33186 Connectrix (Brocade) FOS Brocade Fabric OS (FOS) v9.1.1, v9.0.1e, v8.2.3c, and v7.4.2j and earlier v9.1.1_01
v9.0.1e1,
v8.2.3c1
v7.4.2j1
Link to update
CVE Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-33186 Connectrix (Brocade) FOS Brocade Fabric OS (FOS) v9.1.1, v9.0.1e, v8.2.3c, and v7.4.2j and earlier v9.1.1_01
v9.0.1e1,
v8.2.3c1
v7.4.2j1
Link to update
Workarounds and Mitigations

To remove any exposure to this vulnerability, Brocade Fabric OS switch administrators must disable EZServer support or upgrade to a version of FOS that has the EZServer module removed.

Disabling EZServer is accomplished by using the CLI command "configurechassis." Disabling the EZServer in the switch configuration prevents any exposure to this vulnerability. This option is only available on FOS versions v8.1.0b and later. Customers running on older versions of FOS, including v7.4.2j, do not have this option and must upgrade to FOS v7.4.2j1 to protect their switches.

Customers that elect to upgrade their FOS version can obtain a patch with the EZServer module removed:

  • FOS v9.1.1_01 and higher versions
  • FOS v9.0.1e1 and higher versions
  • FOS v8.2.3c1 and higher versions
  • FOS v7.4.2j1 and higher versions
These patches can be obtained from their standard support customer portal or by contacting their support organization.

Example showing how to disable the EZServer module:
brocadeswitch:admin> configurechassis
Configure...
cfgload attributes (yes, y, no, n): [no]
ssl attributes (yes, y, no, n): [no]
webtools attributes (yes, y, no, n): [no] y
...
Login Session Timeout (in secs): (60..432000) [7200]
EZserver Enabled (yes, y, no, n): [yes] no
...
brocadeswitch:admin >

Notes:
The following actions reenable EZServer on Fabric OS versions that do not have the EZServer module entirely removed:
  • firmwarecleaninstall
  • config removall
  • configdefault
  • factory reset

Revision History

RevisionDateDescription
1.02022-11-09Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Connectrix, Connectrix, Connectrix B-Series, Connectrix B-Series, Connectrix, Connectrix B-Series Fabric OS 9.X, Connectrix B-Series Software

Product

Product Security Information

Last Published Date

09 Nov 2022

Version

2

Article Type

Dell Security Advisory