CVE-2024-1509
moderate-risk
Published 2025-02-28
The Brocade ASCG web interface before 3.2.0 does not enforce HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to communicate only via HTTPS. The lack of HSTS allows downgrade attacks and SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Do I need to act?
0.09% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.1/10
Critical
NETWORK / LOW complexity
Affected Products (1)
Brocade Active Support Connectivity Gateway
Affected Vendors
References (1)
36 / 100
moderate-risk
Severity
31/34 · Critical
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal