CVE-2024-39340
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A security vulnerability has been discovered in the handling of OTP keys in the authentication system of Securepoint UTM. This vulnerability allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 to 12.6.4 and the Reseller Preview version 12.7.0. The issue has been fixed in UTM versions 12.6.5 and 12.7.1.
Securepoint UTM anterior a 12.6.5 maneja mal los códigos OTP.
The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has been fixed in UTM 12.6.5 and 12.7.1.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-06-24 CVE Reserved
- 2024-07-12 CVE Published
- 2024-09-23 CVE Updated
- 2024-09-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://wiki.securepoint.de/UTM/Changelog | ||
| https://www.securepoint.de/en/for-companies/utm-firewall | ||
| https://wiki.securepoint.de/Advisory/CVE-2024-39340 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Securepoint Search vendor "Securepoint" | Unified Threat Management Search vendor "Securepoint" for product "Unified Threat Management" | * | - |
Affected
| ||||||