CVE-2024-24903

EPSS 0.08%
Veröffentlicht 01.03.2024 14:15:53
Zuletzt bearbeitet 20.05.2025 18:56:09
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Policy Manager For Secure Connect Gateway Version >= 5.10.00.10 < 5.22.00.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.245

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-24903

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24903

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24903

EUVD