CVE-2024-1509

EPSS 0.09%
Veröffentlicht 28.02.2025 22:15:38
Zuletzt bearbeitet 29.01.2026 02:08:25
Quelle sirt@brocade.com
CVE-Watchlists
Login
Unerledigt
Login

Brocade ASCG before 3.2.0 Web Interface  is not 
enforcing HSTS, as defined by RFC 6797. HSTS is an optional response 
header that can be configured on the server to instruct the browser to 
only communicate via HTTPS. The lack of HSTS allows downgrade attacks, 
SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking 
protections.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Brocade ≫ Active Support Connectivity Gateway Version < 3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.263

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
sirt@brocade.com	7.6	0	0	CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-523 Unprotected Transport of Credentials

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1509

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1509

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1509

EUVD