CVE-2024-1509

CWE-523
3 documents
3 sources
Severity
7.6 HIGH
EPSS
0.1%
top 75.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 28
Latest update Mar 1

Description

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages
2 packages

🔴Vulnerability Details

2
GHSA
GHSA-j6jw-hg33-x575: Brocade ASCG before 3 (2025-03-01)
CVEList
Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100 (2025-02-28)
CVE-2024-1509 (HIGH CVSS 7.6) | Brocade ASCG before 3.2.0 Web Inter | cvebase.io