Brocade Fibre Channel Networking Community

Expand all | Collapse all

Brocade 300 Vulnerabilities?

  • 1.  Brocade 300 Vulnerabilities?

    Posted 08-31-2014 07:56 PM

    Hi All,

     

    I have several Brocade 300's running the following code:

     

    Kernel:     2.6.14.2  
    Fabric OS:  v6.1.1a
    Made on:    Fri Sep 19 17:17:47 2008
    Flash:      Wed Nov 26 10:54:38 2008
    BootProm:   1.0.6

     

    After running a vulnerabilities scan by our security group, the following were detected:

     

    HIGH - OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

     

    I can't seem to find whether a firmware upgrade will fix this or not?  Anyone familiar with such a vulnerability with this version of FAB OS? 

     

     


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: Brocade 300 Vulnerabilities?

    Posted 08-31-2014 11:51 PM

    hi there,

     

    That Fabric OS release, 6.1.1a, has been EOSL for a long time. So first of all, you should upgrade the firmware and repeat the vulnerability tests.

     

    once said this, in the following link you can check all the Open Source Code software used by each code release:

     

    http://www.brocade.com/services-support/drivers-downloads/oscd/oscd_listings.page

     

     

    so, If you know in which version that vulnerability is corrected, you can see if that very version is available in any of the newer codes.

     

    Rgds,

    Felipon


    #BrocadeFibreChannelNetworkingCommunity