CVE-2024-24903
CVSS 3.1 Score 8.0 of 10 (high)
Details
Summary
CVE-2024-24903 is a vulnerability found in Dell Secure Connect Gateway (SCG) Policy Manager version 5.10 and above. It is categorized as a weak password recovery mechanism for forgotten passwords. An attacker with low privileges on an adjacent network could potentially exploit this vulnerability and gain unauthorized access to the application with the compromised account's privileges. By retrieving the reset password token without authorization, the attacker can change the password, posing a risk to the organization's integrity and confidentiality. The severity of this vulnerability is rated as high, with an exploitability score of 2.1 out of 10. The impact score is 5.9, indicating potential significant harm to the affected system's availability, integrity, and confidentiality.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions