Brocade ASCG Authentication Bypass Vulnerability Allowing Unauthorized Access to Application Operations
Vulnerability
An authentication bypass vulnerability has been identified in Brocade ASCG version 3.4.0. Application user accounts created by administrators are not properly password protected, which allows unauthorized users to access them. Exploitation of this vulnerability could enable these unauthorized users to perform various ASCG operations related to Brocade Support Link (BSL) and streaming configuration. It could also allow them to disable the ASCG application or interrupt BSL data collection on affected Brocade switches within the fabric.
Impact
Exploitation of this vulnerability could lead to unauthorized access to Brocade ASCG application operations, with the potential to disable the ASCG application or disrupt BSL data collection on Brocade switches within the fabric.
Remediation
Users can upgrade to Brocade ASCG version 3.4.0a to address this vulnerability. Alternatively, application user accounts on ASCG version 3.4.0 can be disabled and one of the other authentication methods for ASCG can be used, such as LDAP, OS, or Federated Authentication.
