Broadcom Brocade SANnav CVE-2019-16205 Session Hijacking Vulnerability

2019-10-28T00:00:00
ID SMNTC-110905
Type symantec
Reporter Symantec Security Response
Modified 2019-10-28T00:00:00

Description

Broadcom Brocade SANnav is prone to a session-hijacking vulnerability. An attacker can exploit this issue to hijack another user's session and gain unauthorized access to the victim's account on the affected system. Versions prior to Brocade SANnav 2.0 are vulnerable.

Technologies Affected

  • Broadcom Brocade SANnav

Recommendations

Block external access at the network boundary, unless external parties require service.
If possible, block external access to the server hosting the vulnerable software. Permit access for trusted or internal networks and computers only.

Run all software as a nonprivileged user with minimal access rights.
Running server processes with minimal privileges and within a restricted environment using facilities such as chroot or jail may limit the consequences of successful attacks.

When possible, limit the privileges granted to users to the least amount required.
Limit the access of legitimate users to the minimum required in order to limit the consequences of successful attacks.

Updates are available. Please see the references for more information.