CVE-2022-28165

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:sannav:*:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-862~~	NVD-CWE-Other

17 May 2022, 18:14

Type	Values Removed	Values Added
CWE		CWE-862
References	~~(MISC) https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844 -~~	(MISC) https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844 - Vendor Advisory
CPE		cpe:2.3:a:broadcom:sannav::::::::
First Time		Broadcom sannav Broadcom
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 8.8

06 May 2022, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-06 17:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-28165

Mitre link : CVE-2022-28165

CVE.ORG link : CVE-2022-28165

JSON object : View

Products Affected

broadcom

sannav

CWE

NVD-CWE-Other

{"id": "CVE-2022-28165", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-05-06T17:15:09.010", "references": [{"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de control de acceso basado en roles (RBAC) de Brocade SANNav versiones anteriores a 2.2.0 podr\u00eda permitir a un atacante remoto autenticado acceder a recursos a los que no deber\u00eda poder acceder y llevar a cabo acciones que no deber\u00eda poder realizar. La vulnerabilidad se presenta porque no son llevados a cabo restricciones en el lado del servidor para asegurar que el usuario presenta permiso requerido antes de procesar las peticiones"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41316D44-8447-4AB6-9DAF-AEE38D6C0861", "versionEndExcluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}