Brocade Ascg vulnerabilities

CVE-2026-0869 [HIGH] CWE-305 CVE-2026-0869: Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operati Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.

CVE-2025-7397 [MEDIUM] CWE-312 CVE-2025-7397: A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the C A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches.

CVE-2024-1509 [HIGH] CWE-523 CVE-2024-1509: Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.