CVE-2024-39340

high

Description

A security vulnerability has been discovered in the handling of OTP keys in the authentication system of Securepoint UTM. This vulnerability allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 to 12.6.4 and the Reseller Preview version 12.7.0. The issue has been fixed in UTM versions 12.6.5 and 12.7.1.

References

https://www.securepoint.de/en/for-companies/utm-firewall

https://wiki.securepoint.de/UTM/Changelog

Details

Source: Mitre, NVD

Published: 2024-07-12

Updated: 2024-08-01

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics