Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Dec 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dell
Dell secure Connect Gateway |
|
CPEs | cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:* | |
Vendors & Products |
Dell
Dell secure Connect Gateway |
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2024-03-01T13:30:30.579Z
Updated: 2024-08-05T18:42:07.112Z
Reserved: 2024-02-01T13:40:59.758Z
Link: CVE-2024-24903
Vulnrichment
Updated: 2024-08-01T23:28:12.904Z
NVD
Status : Analyzed
Published: 2024-03-01T14:15:53.320
Modified: 2024-12-05T16:45:06.087
Link: CVE-2024-24903
Redhat
No data.