CVE-2024-1509: Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
First published: Fri Feb 28 2025(Updated: )
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Credit: sirt@brocade.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Brocade ASCG | <3.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-1509?
CVE-2024-1509 is classified as a medium severity vulnerability due to its potential to allow downgrade attacks.
How do I fix CVE-2024-1509?
To fix CVE-2024-1509, upgrade your Brocade ASCG to version 3.2.0 or later, which enforces HSTS.
What is the impact of CVE-2024-1509?
The impact of CVE-2024-1509 includes susceptibility to man-in-the-middle attacks via SSL-stripping due to the lack of HSTS enforcement.
Which versions of Brocade ASCG are affected by CVE-2024-1509?
Brocade ASCG versions prior to 3.2.0 are affected by CVE-2024-1509.
Is HSTS important for web applications like Brocade ASCG?
Yes, HSTS is important as it enhances security by ensuring browsers only communicate via HTTPS, preventing certain attack vectors.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/author
- agent/source
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/brocade
- canonical/brocade ascg