CVE-2024-1509

EPSS 0.09%
Veröffentlicht 28.02.2025 22:15:38
Zuletzt bearbeitet 06.04.2026 14:16:39
Quelle sirt@brocade.com
CVE-Watchlists
Login
Unerledigt
Login

Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100

Brocade ASCG before 3.2.0 Web Interface  is not 
enforcing HSTS, as defined by RFC 6797. HSTS is an optional response 
header that can be configured on the server to instruct the browser to 
only communicate via HTTPS. The lack of HSTS allows downgrade attacks, 
SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking 
protections.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Brocade Active Support Connectivity Gateway Version <= 3.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.25

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
sirt@brocade.com	7.6	0	0	CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-523 Unprotected Transport of Credentials

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1509

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1509

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1509

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1509