Brocade Active Support Connectivity Gateway
CVE-2025-7398
HIGH
Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports 9000 and 8036.
Analysis (AI)
Weak cryptography in Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 exposes local communications on internal ports 9000 and 8036 to potential decryption and tampering. Local attackers with no privileges can compromise confidentiality and integrity of data transmitted through these internal service ports. No public exploit identified at time of analysis. EPSS data not available, but the local attack vector (AV:L) limits remote exploitation risk despite the 8.6 CVSS score.
Technical Context (AI)
The vulnerability stems from CWE-326 (Inadequate Encryption Strength), where Brocade ASCG implements medium-strength cryptographic algorithms on internal communication channels. The affected product is Broadcom's Brocade Active Support Connectivity Gateway (CPE: cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway), a diagnostic and support tool for Brocade infrastructure. Ports 9000 and 8036 are internal service ports used for inter-component communication within the ASCG appliance. Medium-strength cryptography typically refers to deprecated or weakened algorithms (such as 3DES, RC4, or short-key RSA/DSA) that are vulnerable to modern computational attacks including brute-force, collision, or cryptanalytic techniques. The local attack vector indicates the vulnerability requires access to the system hosting ASCG, suggesting exposure through local processes, container escape, or lateral movement scenarios rather than direct network exploitation of these ports.
Remediation (AI)
Upgrade Brocade Active Support Connectivity Gateway to version 3.3.0 or later, which implements stronger cryptographic algorithms on the affected internal ports. Broadcom's security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35950 provides official upgrade instructions and release notes. As a temporary risk mitigation measure where immediate patching is not feasible, restrict local access to ASCG systems through enhanced access controls, network segmentation to isolate ASCG instances from untrusted local processes, and monitoring of processes attempting to interact with ports 9000 and 8036. However, these are not substitutes for applying the vendor-released patch version 3.3.0.
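The monitoring mitigation described above, as an added example (not from Broadcom or this page's source): a Python check that parses `ss -tnp` output and reports local processes connected to ports 9000 or 8036 that are not on an allowlist. The sample lines are constructed and the allowlisted process names are hypothetical, since the page does not name ASCG's own processes.

```python
import re

ASCG_PORTS = {9000, 8036}           # internal ports named in the CVE description
ALLOWED = {"ascg-core", "ascg-ui"}  # assumption: hypothetical names, replace with the real ones

# Matches entries in the process column of `ss -tnp`, e.g. users:(("java",pid=1432,fd=88))
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

# Constructed sample in `ss -tnp` layout (not captured from a real ASCG host).
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 127.0.0.1:51234 127.0.0.1:9000 users:(("ascg-core",pid=1432,fd=88))
ESTAB 0 0 127.0.0.1:9000 127.0.0.1:51234 users:(("ascg-core",pid=1400,fd=12))
ESTAB 0 0 127.0.0.1:40112 127.0.0.1:8036 users:(("python3",pid=2210,fd=3))
ESTAB 0 0 10.0.0.5:22 10.0.0.9:50022 users:(("sshd",pid=900,fd=4))
ESTAB 0 0 [::1]:40900 [::1]:9000 users:(("nc",pid=2301,fd=3))
ESTAB 0 0 127.0.0.1:40200 127.0.0.1:8036
"""

def port_of(endpoint):
    """Return the port from 'addr:port' (bracketed IPv6 included), or None."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def unexpected_clients(ss_output, ports=ASCG_PORTS, allowed=ALLOWED):
    """List (process, pid, port) for client sockets whose peer is a watched port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed line
        peer_port = port_of(fields[4])
        if peer_port not in ports:
            continue  # includes the server side of the socket (local port 9000/8036)
        owners = PROC_RE.findall(" ".join(fields[5:]))
        if not owners:
            # No process column: ss lacked privileges to see the socket owner.
            findings.append(("<unknown>", None, peer_port))
        for name, pid in owners:
            if name not in allowed:
                findings.append((name, int(pid), peer_port))
    return findings

if __name__ == "__main__":
    for name, pid, port in unexpected_clients(SAMPLE):
        print(f"unexpected client of port {port}: {name} (pid {pid})")
```

On a live host, feed the function the output of `ss -tnp` run as root; without root the process column is missing for other users' sockets and those connections are reported as `<unknown>`.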