CVE-2024-1509

CRITICAL

Brocade ASCG <3.2.0 - Info Disclosure


Description

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
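A check for the header this entry describes, as an added example that is not part of the original record or the vendor's code: it parses a `Strict-Transport-Security` value following the RFC 6797 rules and classifies a response. The function names, the result labels and the 180-day `min_age` baseline are assumptions.

```python
import re

# RFC 6797 section 6.1: directive names are tokens, case-insensitive,
# may appear only once, and max-age is REQUIRED.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """Return the policy as a dict, or None when the header is invalid
    and a conforming browser would therefore ignore it."""
    seen = {}
    for part in value.split(";"):  # max-age values never contain ';'
        part = part.strip()
        if not part:
            continue  # the grammar permits empty directives
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not _TOKEN.match(name) or name in seen:
            return None  # malformed name or repeated directive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form: max-age="31536000"
        seen[name] = arg
    age = seen.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", age):
        return None
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in seen}

def assess(headers, scheme="https", min_age=15552000):
    """Classify one response. headers is a list of (name, value) pairs;
    min_age (180 days) is an assumed local baseline, not an RFC value."""
    if scheme != "https":
        return "ignored"  # browsers disregard HSTS sent over plain HTTP
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "missing"  # the condition this CVE describes
    policy = parse_hsts(values[0])  # only the first header is processed
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "disabled"  # max-age=0 tells the browser to forget the host
    return "ok" if policy["max_age"] >= min_age else "short"

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real device.
    samples = {
        "no header": [("Content-Type", "text/html")],
        "weak": [("Strict-Transport-Security", "max-age=300")],
        "good": [("strict-transport-security", "max-age=31536000; includeSubDomains")],
    }
    for label, hdrs in samples.items():
        print(label, "->", assess(hdrs))
```

A result of `invalid` matters as much as `missing`: a browser that rejects the header applies no HSTS policy at all.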

Scores

CVSS v3 9.1
EPSS 0.0009
EPSS Percentile 24.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-523
Status published
Products (2)
broadcom/brocade_active_support_connectivity_gateway < 3.1.0
brocade/active_support_connectivity_gateway < 3.2.0
Published Feb 28, 2025
Tracked Since Feb 18, 2026