CVE-2024-1509

High CVSS: 7.6

Brocade ASCG before 3.2.0 Web Interface is not
enforcing HSTS, as defined by RFC 6797. HSTS is an optional response
header that can be configured on the server to instruct the browser to
only communicate via HTTPS. The lack of HSTS allows downgrade attacks,
SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking
protections.

Vendor

Broadcom

Product

Brocade Active Support Connectivity Gateway

CWE

CWE-523

Yayın Tarihi

2025-02-28 22:15:38

Güncelleme

2026-04-06 14:16:39

Source Identifier

sirt@brocade.com

KEV Date Added

Kategoriler

CWE-523 Brocade Active Support Connectivity Gateway HIGH Broadcom 2025

Referanslar

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428

Benzer Kayıtlar

High

CVE-2026-0869

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Broca…

High

CVE-2025-9711

A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user…

Medium

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using…

Medium

CVE-2025-58380

A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the…

High

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash she…

High

CVE-2025-58382

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabri…