Brocade Active Support Connectivity Gateway CVE-2025-7398

Severity: HIGH (8.6, CVSS 4.0, NVD)
Weakness: Inadequate Encryption Strength (CWE-326)
2025-07-17 · sirt@brocade.com

Severity by source

NVD (primary): 8.6 HIGH

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 06, 2026 - 14:22 (vuln.today)
CVE Published: Jul 17, 2025 - 22:15 (nvd), HIGH 8.6

Description (CVE.org)

Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports 9000 and 8036.

Analysis (AI)

Weak cryptography in Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 exposes local communications on internal ports 9000 and 8036 to potential decryption and tampering. Local attackers with no privileges can compromise confidentiality and integrity of data transmitted through these internal service ports. No public exploit identified at time of analysis. EPSS data not available, but the local attack vector (AV:L) limits remote exploitation risk despite the 8.6 CVSS score.

Technical Context (AI)

The vulnerability is classified as CWE-326 (Inadequate Encryption Strength): Brocade ASCG allows medium-strength cryptographic algorithms on internal communication channels. The affected product is Broadcom's Brocade Active Support Connectivity Gateway (CPE: cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway), a diagnostic and support tool for Brocade infrastructure. Ports 9000 and 8036 are internal service ports used for inter-component communication within the ASCG appliance. The CVE description does not name the algorithms involved. Medium-strength cryptography typically refers to deprecated or weakened algorithms (such as 3DES, RC4, or short-key RSA/DSA) that are vulnerable to modern computational attacks including brute-force, collision, or cryptanalytic techniques. The local attack vector indicates that the vulnerability requires access to the system hosting ASCG, suggesting exposure through local processes, container escape, or lateral movement scenarios rather than direct network exploitation of these ports.

Remediation (AI)

Upgrade Brocade Active Support Connectivity Gateway to version 3.3.0 or later, which implements stronger cryptographic algorithms on the affected internal ports. Broadcom's security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35950 provides official upgrade instructions and release notes. As a temporary risk mitigation measure where immediate patching is not feasible, restrict local access to ASCG systems through enhanced access controls, network segmentation to isolate ASCG instances from untrusted local processes, and monitoring of processes attempting to interact with ports 9000 and 8036. However, these are not substitutes for applying the vendor-released patch version 3.3.0.