privileged directory transversal.in Brocade Fabric OS versions 7.4.1.x and 7.3.x

Vulnerability

A privileged directory traversal vulnerability exists in Brocade Fabric OS versions 7.4.1b and 7.3.1d. Within the restricted shell environment (rbash), users logged in as either the "user" or "factory" account can leverage the more binary with tab-completion to list the entire filesystem. These versions have reached end of life (EOL) and are no longer supported [1].

Exploitation

An attacker requires local access via an active SSH session with a valid "user" or "factory" account. To exploit, the attacker types the command more and presses the TAB key repeatedly until a listing of the current directory appears. Alternatively, supplying partial paths such as more / or more /etc/ followed by pressing TAB will display the full contents of those directories [1].

Impact

Successful exploitation grants the attacker complete knowledge of the underlying filesystem structure, including all available binaries within the user's PATH environment variable. The listing is performed with root-equivalent permissions, leading to significant information disclosure [1].

Mitigation

Brocade Fabric OS versions 7.4.1b and 7.3.1d have reached End of Availability (EOA) and are no longer supported. No patch is available for these EOL versions. Users should upgrade to actively supported Brocade Fabric OS versions as recommended in the Product End-of-Life report [1].