CVE-2024-39340

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-287
View all →

Vulnerability Description

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has been fixed in UTM 12.6.5 and 12.7.1.

Related Vulnerabilities

CVE-2012-3462

HIGH
CVSS:8.8(High)

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of...

CWE-2872012

CVE-2013-4863

HIGH
CVSS:8.8(High)

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 4...

CWE-2872013

CVE-2013-7051

HIGH
CVSS:8.8(High)

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

CWE-2872013

CVE-2015-2880

HIGH
CVSS:8.8(High)

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

CWE-2872015

CVE-2015-6397

HIGH
CVSS:8.8(High)

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that accou...

CWE-2872015

CVE-2015-8332

HIGH
CVSS:8.8(High)

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and pe...

CWE-2872015