Vulnerability Description
The Brocade ASCG Web Interface before 3.2.0 does not enforce HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to communicate only via HTTPS. The lack of HSTS allows downgrade attacks and SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
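One way to verify that a web interface sets a usable HSTS policy, as an added example (not code from this advisory or from Broadcom). The function names are hypothetical, and the one-year `min_max_age` threshold is an assumption rather than an RFC 6797 requirement.

```python
import re

# directive = token [ "=" ( token / quoted-string ) ]  (RFC 6797 section 6.1)
_DIRECTIVE = re.compile(
    r'\s*([!#$%&\'*+.^_`|~0-9A-Za-z-]+)\s*(?:=\s*("[^"]*"|[^\s;"]+))?\s*')

def parse_hsts(value):
    """Return {directive: value} with lower-cased names, or None when the
    header is invalid and a browser would ignore it."""
    directives = {}
    # Simplification: splitting on ";" assumes no ";" inside a quoted value.
    for part in value.split(";"):
        if not part.strip():
            continue  # the grammar allows empty directives
        m = _DIRECTIVE.fullmatch(part)
        if m is None:
            return None
        name, val = m.group(1).lower(), m.group(2)
        if name in directives:
            return None  # a directive may appear only once
        directives[name] = val.strip('"') if val else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(max_age)
    return directives

def audit_response(scheme, headers, min_max_age=31536000):
    """List the HSTS problems of one response; an empty list means none found.
    min_max_age (one year, in seconds) is an assumed local threshold."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        return ["not HTTPS: browsers ignore HSTS on this response"]
    if not values:
        return ["Strict-Transport-Security header missing"]
    policy = parse_hsts(values[0])  # only the first header field is processed
    if policy is None:
        return ["header malformed: browsers ignore it"]
    if policy["max-age"] == 0:
        return ["max-age=0 removes any stored HSTS policy"]
    if policy["max-age"] < min_max_age:
        return ["max-age below threshold"]
    return []

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real product.
    print(audit_response("https", [("Server", "example")]))
    print(audit_response("https", [("Strict-Transport-Security", "max-age=31536000")]))
```
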
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Brocade Active Support Connectivity Gateway | <= 3.1.0 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-1509?
CVE-2024-1509 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only comm...
How severe is CVE-2024-1509?
CVE-2024-1509 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-1509?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Brocade Active Support Connectivity Gateway.