CVE-2024-24903

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Mar 1, 2024

CWE ID 640

Summary

CVE-2024-24903 is a vulnerability found in Dell Secure Connect Gateway (SCG) Policy Manager version 5.10 and above. It is categorized as a weak password recovery mechanism for forgotten passwords. An attacker with low privileges on an adjacent network could potentially exploit this vulnerability and gain unauthorized access to the application with the compromised account's privileges. By retrieving the reset password token without authorization, the attacker can change the password, posing a risk to the organization's integrity and confidentiality. The severity of this vulnerability is rated as high, with an exploitability score of 2.1 out of 10. The impact score is 5.9, indicating potential significant harm to the affected system's availability, integrity, and confidentiality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-24903 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database