CVE-2022-28165
📋 TL;DR
This vulnerability allows authenticated remote attackers to bypass role-based access controls in Brocade SANNav, enabling unauthorized access to resources and actions. It affects Brocade SANNav installations before version 2.2.0 where users have network access to the management interface.
💻 Affected Systems
- Brocade SANNav
📦 What is this software?
Brocade SANNav is a storage area network (SAN) management application from Broadcom; the vulnerability lies in its web management interface.
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could gain administrative privileges, modify SAN configurations, disrupt storage operations, or exfiltrate sensitive storage network data.
Likely Case
Privilege escalation allowing users to perform actions beyond their assigned role permissions, potentially accessing sensitive configuration data or making unauthorized changes.
If Mitigated
Limited impact with proper network segmentation, strong authentication controls, and minimal user privileges following least privilege principles.
🎯 Exploit Status
Exploitation requires authenticated access but is likely straightforward once authenticated due to missing server-side permission checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.0 or later
Vendor Advisory: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844
Restart Required: Yes
Instructions:
1. Download SANNav 2.2.0 or later from the Broadcom support portal.
2. Back up the current configuration.
3. Install the update following the vendor documentation.
4. Restart SANNav services.
5. Verify functionality.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the SANNav management interface to authorized administrative networks only.
RBAC Review and Minimization
Review and minimize user privileges to limit the potential damage from exploitation.
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can reach the SANNav management interface
- Apply principle of least privilege to all user accounts and regularly audit user permissions
🔍 How to Verify
Check if Vulnerable:
Check SANNav version via web interface or CLI. If version is below 2.2.0, system is vulnerable.
Check Version:
Check via SANNav web interface: Admin > About, or consult vendor documentation for CLI commands.
Verify Fix Applied:
Verify SANNav version is 2.2.0 or higher and test RBAC functionality with non-admin accounts.
📡 Detection & Monitoring
Log Indicators:
- Unusual user activity patterns
- Access to resources beyond user role
- Failed permission checks in logs
Network Indicators:
- Unusual API calls from non-admin users to administrative endpoints
- Traffic patterns suggesting privilege escalation attempts
SIEM Query:
source="SANNav" AND (event_type="access_denied" OR user_privilege_change OR resource_access_outside_role)
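The version check under "How to Verify" and the log indicators under "Detection & Monitoring" can both be turned into a small script. The following is an added example, not Broadcom's code and not a SANNav API: the audit-log line format, the role name `administrator`, and the list of administrative endpoints are constructed assumptions that must be mapped onto the fields a real SANNav deployment actually logs. It flags non-admin activity against administrative endpoints, ranking a successful request (the bypass signature) above a denied one (the permission check working), and compares a reported version string against the fixed release 2.2.0.

```python
"""Defender-side helpers for CVE-2022-28165 (RBAC bypass in Brocade SANNav).

Added example, not Broadcom's code. The log format, role names and
endpoint list below are constructed assumptions for illustration.
"""
import re
from typing import Dict, List, Tuple

# Release named in the vendor advisory as containing the fix.
FIXED_VERSION = (2, 2, 0)

# Hypothetical: endpoints only the administrator role should be able to reach.
ADMIN_ENDPOINTS = {"/api/users", "/api/roles", "/api/switch/config"}

# Constructed log format: timestamp, user, role, HTTP method, path, result.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) result=(?P<result>ok|denied)$"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Reduce a version string such as 'SANNav 2.1.1' to a comparable tuple."""
    parts = re.findall(r"\d+", text)
    return tuple(int(p) for p in parts[:3])


def is_vulnerable_version(text: str) -> bool:
    """True when the reported SANNav version is below the fixed release."""
    return parse_version(text) < FIXED_VERSION


def parse_line(line: str) -> Dict[str, str]:
    """Parse one constructed audit line; return {} for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else {}


def flag_events(lines: List[str]) -> List[Dict[str, str]]:
    """Return events worth analyst review, in log order.

    severity 'high': a non-admin role *succeeded* against an admin endpoint,
                     which is exactly what a missing server-side check allows.
    severity 'low':  the request was denied, i.e. the permission check fired;
                     still useful as evidence of probing.
    """
    findings = []
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["role"] == "administrator":
            continue
        if ev["path"] in ADMIN_ENDPOINTS:
            severity = "high" if ev["result"] == "ok" else "low"
            reason = "non-admin role reached an administrative endpoint"
        elif ev["result"] == "denied":
            severity, reason = "low", "server-side permission check denied request"
        else:
            continue
        findings.append({**ev, "severity": severity, "reason": reason})
    return findings


# Constructed sample log; no real SANNav output is reproduced here.
SAMPLE_LOG = [
    "2022-05-01T10:00:01Z user=alice role=administrator GET /api/users result=ok",
    "2022-05-01T10:00:05Z user=bob role=operator GET /api/switch/config result=ok",
    "2022-05-01T10:00:09Z user=carol role=viewer POST /api/roles result=denied",
    "2022-05-01T10:00:12Z user=bob role=operator GET /api/inventory result=ok",
    "this line is deliberately malformed",
]

if __name__ == "__main__":
    for ver in ("2.1.1", "2.2.0"):
        print(ver, "vulnerable" if is_vulnerable_version(ver) else "fixed")
    for f in flag_events(SAMPLE_LOG):
        print(f["severity"].upper(), f["user"], f["method"], f["path"], "-", f["reason"])
```

Run against the constructed sample, the script reports bob's successful read of `/api/switch/config` as high severity and carol's denied write to `/api/roles` as low; alice's administrator activity and bob's in-role read are not flagged. In a real deployment the high-severity case is the one to pivot on, since a denied request means the server-side check the vulnerability is about was present.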