Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-1509

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Published

2025-02-28T22:15:38.573

Last Modified

2026-01-29T02:08:25.857

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-523

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	brocade	active_support_connectivity_gateway	< 3.2.0	Yes

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428 Third Party Advisory ([email protected])