CVE-2026-0869

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/37121	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:3.4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-03 20:16

Updated : 2026-03-09 18:15

NVD link : CVE-2026-0869

Mitre link : CVE-2026-0869

CVE.ORG link : CVE-2026-0869

JSON object : View

Products Affected

broadcom

brocade_active_support_connectivity_gateway

CWE

CWE-305

Authentication Bypass by Primary Weakness

NVD-CWE-noinfo

{"id": "CVE-2026-0869", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-03T20:16:45.797", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/37121", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-305"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric."}, {"lang": "es", "value": "Omisi\u00f3n de autenticaci\u00f3n en Brocade ASCG 3.4.0 Podr\u00eda permitir a un usuario no autorizado realizar operaciones de ASCG relacionadas con Brocade Support Link (BSL) y la configuraci\u00f3n de streaming, e incluso podr\u00eda deshabilitar la aplicaci\u00f3n ASCG o deshabilitar el uso de la recopilaci\u00f3n de datos de BSL en los switches Brocade dentro de la estructura."}], "lastModified": "2026-03-09T18:15:12.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B8F778F-4911-4B4B-B156-8890E46939E7"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}