Session Fixation Vulnerability in PAM Server by Broadcom
CVE-2025-24503
9.3 CRITICAL
Key Information:
- Vendor: Broadcom
- CVE Published: 30 January 2025
Summary
A session fixation vulnerability exists in Broadcom's Symantec PAM server. An attacker who convinces a PAM user to follow a specially crafted link can cause the user's browser to adopt a session identifier the attacker already knows; once the user authenticates, the attacker holds a valid session for that user. This can lead to unauthorized access and to actions performed as the user, compromising sensitive operations within the PAM environment. Administrators of the affected versions should apply the vendor's remediation.
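The pattern behind this class of bug, as an added example that is not Broadcom's or Symantec PAM's code: a login flow that honours a client-supplied session id carried in a link and keeps it after authentication, beside a hardened flow that only accepts server-issued ids and rotates the id on login. The host name, user table and session store are constructed for the demonstration.

```python
import hmac
import secrets
from typing import Callable, Dict, Optional
from urllib.parse import parse_qs, urlparse

# Constructed demo user table (hypothetical; not PAM's account store).
_USERS = {"alice": "correct-horse-battery-staple"}


def check_password(username: str, password: str) -> bool:
    """Constant-time comparison against the demo user table."""
    expected = _USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


class SessionStore:
    """In-memory session table: session id -> session state."""

    def __init__(self) -> None:
        self.sessions: Dict[str, dict] = {}

    def new(self) -> str:
        """Issue a fresh, server-generated, unpredictable session id."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid


def sid_from_request(url: str, cookie_sid: Optional[str]) -> Optional[str]:
    """Vulnerable request handling: a session id in the URL query string
    overrides the cookie, so a crafted link can plant the id."""
    qs = parse_qs(urlparse(url).query)
    return qs.get("sid", [cookie_sid])[0]


def login_vulnerable(store: SessionStore, sid: Optional[str],
                     username: str, password: str) -> Optional[str]:
    """Fixation-prone login: adopts whatever id the client presented and
    keeps using it after authentication succeeds."""
    if sid is None:
        sid = store.new()
    elif sid not in store.sessions:
        store.sessions[sid] = {"user": None}   # trusts a client-chosen id
    if not check_password(username, password):
        return None
    store.sessions[sid]["user"] = username      # no rotation on login
    return sid


def login_hardened(store: SessionStore, sid: Optional[str],
                   username: str, password: str) -> Optional[str]:
    """Hardened login: never adopts an id the server did not issue, and
    rotates the id when the session gains privileges (authentication)."""
    if sid is None or sid not in store.sessions:
        sid = store.new()                        # discard unknown ids
    if not check_password(username, password):
        return None
    store.sessions.pop(sid)                      # invalidate pre-login id
    new_sid = store.new()                        # fresh id bound to the user
    store.sessions[new_sid]["user"] = username
    return new_sid


def fixation_attack(login: Callable, preseed: bool = False) -> Optional[str]:
    """Simulate the attack: the attacker chooses (or pre-obtains) a session
    id, embeds it in a link, the victim logs in through that link, and the
    attacker then checks whether the planted id is now bound to the victim.
    Returns the username bound to the attacker's id, or None."""
    store = SessionStore()
    # preseed=True models an attacker who first obtained a valid id from the
    # server; preseed=False models an entirely attacker-chosen value.
    attacker_sid = store.new() if preseed else "attacker-chosen-0123"
    link = f"https://pam.example.test/login?sid={attacker_sid}"  # hypothetical host

    victim_sid = sid_from_request(link, cookie_sid=None)
    login(store, victim_sid, "alice", "correct-horse-battery-staple")

    session = store.sessions.get(attacker_sid)
    return session["user"] if session else None


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(login_vulnerable))   # alice
    print("hardened:  ", fixation_attack(login_hardened))     # None
```

Two properties together close the hole: the server refuses to create a session under an id it did not generate, and it issues a new id at the moment the session becomes authenticated. Either one alone is insufficient, since an attacker can obtain a legitimate id first and plant that instead (the `preseed` case).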
Affected Version(s)
Symantec Privileged Access Management 3.4.6
Symantec Privileged Access Management 4.1.0 <= 4.1.8
References
CVSS v4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Stefan Grönke ([email protected])