CVSS 3.1 Score 8.0 of 10 (high)


Published Mar 1, 2024
CWE ID 640


CVE-2024-24903 is a vulnerability found in Dell Secure Connect Gateway (SCG) Policy Manager version 5.10 and above. It is categorized as a weak password recovery mechanism for forgotten passwords. An attacker with low privileges on an adjacent network could potentially exploit this vulnerability and gain unauthorized access to the application with the compromised account's privileges. By retrieving the reset password token without authorization, the attacker can change the password, posing a risk to the organization's integrity and confidentiality. The severity of this vulnerability is rated as high, with an exploitability score of 2.1 out of 10. The impact score is 5.9, indicating potential significant harm to the affected system's availability, integrity, and confidentiality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-24903 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions