Tuesday, April 29, 2025

CISA Adds Broadcom Vulnerability to KEV Catalog – 4-28-25

Yesterday CISA added a Broadcom Brocade Fabric OS code injection vulnerability to their Known Exploited Vulnerabilities catalog. The vulnerability was reported by Broadcom on April 24th. At that time they noted that “this vulnerability has been actively exploited in the field.” Exploit code has not yet been reported by NVD.NIST.gov.

CISA has ordered federal agencies using Brocade Fabric OS to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A completion date of May 19th, 2025 has been set. Since this is an operating system product, it may not be immediately apparent which agency OT/IoT assets are affected.
