Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.
History

Thu, 05 Dec 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell secure Connect Gateway
CPEs cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell secure Connect Gateway

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-03-01T13:30:30.579Z

Updated: 2024-08-05T18:42:07.112Z

Reserved: 2024-02-01T13:40:59.758Z

Link: CVE-2024-24903

cve-icon Vulnrichment

Updated: 2024-08-01T23:28:12.904Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-01T14:15:53.320

Modified: 2024-12-05T16:45:06.087

Link: CVE-2024-24903

cve-icon Redhat

No data.