Insufficient Entropy Vulnerability in SecuSUITE Secure Client Authentication Server by BlackBerry
CVE-2024-51720

4.8 MEDIUM

Key Information:

Vendor: BlackBerry

Status
Vendor
CVE Published: 12 November 2024

What is CVE-2024-51720?

The SecuSUITE Secure Client Authentication (SCA) Server has a vulnerability that stems from insufficient entropy, potentially enabling attackers to enroll unauthorized devices to victims' accounts and phone numbers. This flaw affects SecuSUITE versions 5.0.420 and earlier, posing risks to user security and privacy. Organizations utilizing this software should assess potential exposure and implement necessary mitigations.

Affected Version(s)

SecuSUITE 5.0.420

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published