PT-2024-5353 · Securepoint · Securepoint UTM
Published 2024-06-21 · Updated 2024-09-23 · CVE-2024-39340
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Securepoint UTM versions 11.5 through 12.6.4
Securepoint UTM Reseller Preview version 12.7.0
Description
The issue lies in the authentication system of Securepoint UTM, specifically in its handling of One-Time Password (OTP) keys. It allows an attacker to bypass second-factor verification when OTP is enabled, and it affects both the administration web interface and the user portal.
Recommendations
For Securepoint UTM versions 11.5 through 12.6.4, update to version 12.6.5 or later to resolve the issue.
For Securepoint UTM Reseller Preview version 12.7.0, update to version 12.7.1 or later to resolve the issue.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Securepoint UTM