Vulnerability Description
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Policy Manager For Secure Connect Gateway | >= 5.10.00.10, < 5.22.00.16 |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-PatchVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-PatchVendor Advisory
FAQ
What is CVE-2024-24903?
CVE-2024-24903 is a vulnerability with a CVSS score of 8.0 (HIGH). Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially explo...
How severe is CVE-2024-24903?
CVE-2024-24903 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24903?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Policy Manager For Secure Connect Gateway.