← back
CVE-2024-39340

CVE-2024-39340

CVSS 8.8 HIGHEPSS 0.9%CWE-287
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has been fixed in UTM 12.6.5 and 12.7.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wiki.securepoint.de/Advisory/CVE-2024-39340https://wiki.securepoint.de/UTM/Changeloghttps://www.securepoint.de/en/for-companies/utm-firewall