Brocade Fibre Channel SAN Privilege Escalation - us

Lenovo Security Advisory: LEN-14794

**Potential Impact:**Local privilege escalation

Severity: High

**Scope of Impact:**Industry-Wide

**CVE Identifier:**CVE-2016-8202

Summary Description:

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update your Brocade Fibre Channel SAN to the latest version by following the links below.

Minimizing exposure to this vulnerability can be done by the following means:

- Tightly control list of operators and administrators accessing the switch via CLI and other management interfaces;

- Using firewall and ipfilter to limit access to switch CLI interface from trusted hosts only.

- If you have not done so in the past, change all Brocade default account passwords, including the root passwords, from the default factory passwords.

- Delete guest accounts and temporary accounts created for one-time usage needs.

- Utilize FOS password policy management to strengthen the complexity, age, and history requirements of switch account passwords.