CVE-2025-7398
HIGH
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports 9000 and 8036.
Analysis
Weak cryptography in Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 exposes local communications on internal ports 9000 and 8036 to potential decryption and tampering. Local attackers with no privileges can compromise confidentiality and integrity of data transmitted through these internal service ports. No public exploit identified at time of analysis. EPSS data not available, but the local attack vector (AV:L) limits remote exploitation risk despite the 8.6 CVSS score.
Technical Context
The vulnerability stems from CWE-326 (Inadequate Encryption Strength), where Brocade ASCG implements medium-strength cryptographic algorithms on internal communication channels. The affected product is Broadcom's Brocade Active Support Connectivity Gateway (CPE: cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway), a diagnostic and support tool for Brocade infrastructure. Ports 9000 and 8036 are internal service ports used for inter-component communication within the ASCG appliance. Medium-strength cryptography typically refers to deprecated or weakened algorithms (such as 3DES, RC4, or short-key RSA/DSA) that are vulnerable to modern computational attacks including brute-force, collision, or cryptanalytic techniques. The local attack vector indicates the vulnerability requires access to the system hosting ASCG, suggesting exposure through local processes, container escape, or lateral movement scenarios rather than direct network exploitation of these ports.
Affected Products
Broadcom Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 are affected (CPE: cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:*:*:*:*:*:*:*:*). The vulnerability impacts the internal cryptographic implementation on ports 9000 and 8036 across all pre-3.3.0 releases. Broadcom has published a security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35950 detailing affected versions and remediation guidance.
Remediation
Upgrade Brocade Active Support Connectivity Gateway to version 3.3.0 or later, which implements stronger cryptographic algorithms on the affected internal ports. Broadcom's security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35950 provides official upgrade instructions and release notes. As a temporary risk mitigation measure where immediate patching is not feasible, restrict local access to ASCG systems through enhanced access controls, network segmentation to isolate ASCG instances from untrusted local processes, and monitoring of processes attempting to interact with ports 9000 and 8036. However, these are not substitutes for applying the vendor-released patch version 3.3.0.
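The monitoring mitigation above can be approximated with a small check over socket listings. This is an added example, not vendor or vuln.today code. It assumes a Linux host where `ss -tnpH` (iproute2) is available, and both the allowlisted process name `ascg-svc` and the sample output are constructed placeholders.

```python
import re

WATCHED_PORTS = {9000, 8036}      # internal ASCG ports named in the advisory
EXPECTED_CLIENTS = {"ascg-svc"}   # hypothetical allowlist; use the names seen on your host

# Constructed sample of `ss -tnpH` output (not captured from a real ASCG system).
SAMPLE_SS_OUTPUT = """\
ESTAB 0 0 127.0.0.1:9000 127.0.0.1:51234 users:(("ascg-svc",pid=812,fd=45))
ESTAB 0 0 127.0.0.1:51234 127.0.0.1:9000 users:(("ascg-svc",pid=830,fd=12))
ESTAB 0 0 127.0.0.1:40022 127.0.0.1:8036 users:(("python3",pid=4417,fd=3))
ESTAB 0 0 [::1]:40100 [::1]:9000
ESTAB 0 0 10.0.0.5:22 10.0.0.9:50514 users:(("sshd",pid=990,fd=4))
"""

# One owner entry inside the users:(...) column: ("name",pid=N,fd=M)
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def port_of(endpoint):
    """Return the port of 'addr:port'; works for bracketed IPv6 too."""
    return int(endpoint.rsplit(":", 1)[1])


def unexpected_clients(ss_output, ports=WATCHED_PORTS, allow=EXPECTED_CLIENTS):
    """List (port, process, pid, local_endpoint) for client sockets whose peer
    is a watched port and whose owning process is not on the allowlist."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        local, peer = fields[3], fields[4]
        try:
            peer_port = port_of(peer)
        except (IndexError, ValueError):
            continue  # header line or wildcard port
        if peer_port not in ports:
            continue  # server-side sockets and unrelated traffic
        owners = PROC_RE.findall(fields[5]) if len(fields) > 5 else []
        if not owners:
            # ss shows no owner without sufficient privileges; report it anyway
            findings.append((peer_port, "unknown", None, local))
        for name, pid in owners:
            if name not in allow:
                findings.append((peer_port, name, int(pid), local))
    return findings


if __name__ == "__main__":
    for finding in unexpected_clients(SAMPLE_SS_OUTPUT):
        print("unexpected client on port %d: %s pid=%s from %s" % finding)
```

Run `ss` as root so the process column is populated; rows without an owner are reported as `unknown` rather than dropped.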