Brocade ASCG Web Interface HSTS Enforcement Vulnerability
Vulnerability
A vulnerability exists in the Brocade ASCG web interface in versions prior to 3.2.0, where the server does not enforce HTTP Strict Transport Security (HSTS) as specified by RFC 6797. This absence of HSTS allows for downgrade attacks, SSL-stripping man-in-the-middle attacks, and reduces the effectiveness of cookie-hijacking protections.
Impact
The lack of HSTS enforcement can lead to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakened protections against cookie hijacking.
Remediation
Users can upgrade to Brocade ASCG version 3.2.0 or later, where this vulnerability has been addressed.
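After upgrading, the fix can be confirmed by checking that HTTPS responses from the web interface carry a Strict-Transport-Security header that browsers will accept. The following is an added example, not code from the advisory or from the vendor: it parses the header per RFC 6797 and audits one response. The function names, the 180-day max-age threshold and the sample responses are assumptions constructed for illustration.

```python
import re

MIN_MAX_AGE = 15552000  # assumed audit threshold (180 days); not from the advisory
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """RFC 6797 section 6.1 parse; None means a browser would ignore the header."""
    directives = {}
    for part in value.split(";"):  # assumes no ';' inside a quoted value
        part = part.strip()
        if not part:
            continue  # the grammar permits empty directives
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not _TOKEN.match(name) or name in directives:
            return None  # malformed name, or a directive appears twice
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="31536000"
        directives[name] = val if sep else None
    max_age = directives.get("max-age")
    if not (max_age and max_age.isascii() and max_age.isdigit()):
        return None  # max-age is required and must be 1*DIGIT
    directives["max-age"] = int(max_age)
    return directives

def audit_hsts(scheme, headers):
    """Findings for one response; headers is a list of (name, value) pairs."""
    sts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        return ["HSTS cannot be set over plain HTTP; browsers ignore it there"]
    if not sts:
        return ["missing Strict-Transport-Security header"]
    policy = parse_hsts(sts[0])  # only the first field is processed (section 8.1)
    if policy is None:
        return ["invalid Strict-Transport-Security header; browsers ignore it"]
    findings = []
    if len(sts) > 1:
        findings.append("multiple STS headers; only the first is processed")
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("max-age below audit threshold")
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from a real ASCG instance.
    samples = [("https", [("Content-Type", "text/html")]),
               ("https", [("Strict-Transport-Security", "max-age=31536000")])]
    for scheme, hdrs in samples:
        print(audit_hsts(scheme, hdrs) or "OK")
```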
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
0.0 impact
1.7 exploitability
6.0 remediation
7.7 relevance
0.0 threat
0.0 urgency
2.9 incentive
1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
