Description
Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.
Published: 2026-03-03
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass / Unauthorized Access
Action: Patch Immediately
AI Analysis

Impact

The vulnerability in Brocade ASCG 3.4.0 arises because application‑defined user accounts are not properly protected by passwords, creating an authentication bypass that can be exploited by an unauthorized user. An attacker can create or use such weak accounts to access the web or management interfaces and perform privileged operations, including configuring the Brocade Support Link (BSL) and streaming, as well as disabling the ASCG application or preventing BSL data collection. The impact is a loss of confidentiality, integrity, and availability of the networking fabric’s support and monitoring functions.

Affected Systems

Brocade ASCG version 3.4.0

Risk and Exploitability

The CVSS base score of 8.3 indicates high severity, and the EPSS score of less than 1% suggests a low but non‑zero probability of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog, but the potential damage is significant. Attackers likely obtain access through remote network connections to the ASCG management interface, exploiting the lack of password enforcement on custom user accounts. Once authenticated, they can modify BSL settings, alter streaming configuration, or disable critical components of the fabric’s monitoring infrastructure.

Generated by OpenCVE AI on April 16, 2026 at 13:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest vendor patch for Brocade ASCG that enforces password protection on all user accounts.
  • After patching, verify that all custom user accounts require strong, non‑default passwords or disable these accounts until secure credentials are applied.
  • Audit BSL and streaming configuration settings for unauthorized changes and enforce strict access controls around these functions.


Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Broadcom; Broadcom brocade Active Support Connectivity Gateway
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:3.4.0:*:*:*:*:*:*:*
Vendors & Products | | Broadcom; Broadcom brocade Active Support Connectivity Gateway
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 04 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Brocade; Brocade ascg
Vendors & Products | | Brocade; Brocade ascg

Tue, 03 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.
Title | | Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0
Weaknesses | | CWE-305
References | |
Metrics | | cvssV4_0: {'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L'}


Subscriptions

Broadcom Brocade Active Support Connectivity Gateway
Brocade Ascg
MITRE

Status: PUBLISHED

Assigner: brocade

Published:

Updated: 2026-03-04T21:19:58.402Z

Reserved: 2026-01-12T23:18:49.312Z

Link: CVE-2026-0869

Vulnrichment

Updated: 2026-03-04T21:19:52.583Z

NVD

Status: Analyzed

Published: 2026-03-03T20:16:45.797

Modified: 2026-03-09T18:15:12.340

Link: CVE-2026-0869

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:00:19Z

Weaknesses