CVE-2024-51720

Summary

An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number.

Affected Software

VendorProductVersion RangeStatus
BlackBerrySecuSUITE5.0.420affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts
  • CWE-334: CWE-334 Small Space of Random Values

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References