Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

brocade_active_support_connectivity_gateway

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-0869
Assigner-Brocade Communications Systems LLC, a Broadcom Company
ShareView Details
Assigner-Brocade Communications Systems LLC, a Broadcom Company
CVSS Score-8.3||HIGH
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 19:59
Updated-09 Mar, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-brocade_active_support_connectivity_gatewayASCG
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2025-6391
Assigner-Brocade Communications Systems LLC, a Broadcom Company
ShareView Details
Assigner-Brocade Communications Systems LLC, a Broadcom Company
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.22%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 21:45
Updated-06 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JSON Web Token (JWT) Exposure in Log Files

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_active_support_connectivity_gatewayBrocade ASCG
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-7398
Assigner-Brocade Communications Systems LLC, a Broadcom Company
ShareView Details
Assigner-Brocade Communications Systems LLC, a Broadcom Company
CVSS Score-8.6||HIGH
EPSS-0.04% / 11.60%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 21:28
Updated-06 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Medium Strength Cipher Suites detected on port on ports 9000 and 8036

Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_active_support_connectivity_gatewayBrocade ASCG
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2024-1509
Assigner-Brocade Communications Systems, LLC
ShareView Details
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.6||HIGH
EPSS-0.09% / 24.90%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 21:52
Updated-06 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_active_support_connectivity_gatewayASCG
CWE ID-CWE-523
Unprotected Transport of Credentials