CVE-2024-51720 (GCVE-0-2024-51720)
Vulnerability from cvelistv5
Published
2024-11-12 18:01
Modified
2025-09-11 20:22
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE
  • CWE-307 - Improper Restriction of Excessive Authentication Attempts
  • CWE-334 - Small Space of Random Values
Summary
An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number.
References
secure@blackberry.comhttps://support.blackberry.com/pkb/s/article/140220
Impacted products
Vendor Product Version
BlackBerry SecuSUITE Version: 5.0.420
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51720",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T21:38:30.257463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T21:38:39.845Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "SecuSUITE Secure Client Authentication"
          ],
          "product": "SecuSUITE",
          "vendor": "BlackBerry",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.420"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:35:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en insufficient entropy vul\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003enerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSecuSUITE\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSecure Client Authentication (SCA) Server \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSecuSUITE\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e version\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e 5.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0.420 and earlie\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003er could allow an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eattacker to potentially \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eenroll an attacker-controlled device to the victim\u2019s account and telephone number.\u003c/span\u003e\u0026nbsp;"
            }
          ],
          "value": "An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim\u2019s account and telephone number."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-49",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-49 Password Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-334",
              "description": "CWE-334 Small Space of Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-11T20:22:23.080Z",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "url": "https://support.blackberry.com/pkb/s/article/140220"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2024-51720",
    "datePublished": "2024-11-12T18:01:49.411Z",
    "dateReserved": "2024-10-30T17:19:06.485Z",
    "dateUpdated": "2025-09-11T20:22:23.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-51720\",\"sourceIdentifier\":\"secure@blackberry.com\",\"published\":\"2024-11-12T18:15:46.693\",\"lastModified\":\"2025-09-11T21:15:33.043\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim\u2019s account and telephone number.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de entrop\u00eda insuficiente en SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE de las versiones 5.0.420 y anteriores, podr\u00eda permitir que un atacante registre potencialmente un dispositivo controlado por el atacante en la cuenta y el n\u00famero de tel\u00e9fono de la v\u00edctima.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@blackberry.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"secure@blackberry.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"},{\"lang\":\"en\",\"value\":\"CWE-334\"}]}],\"references\":[{\"url\":\"https://support.blackberry.com/pkb/s/article/140220\",\"source\":\"secure@blackberry.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-51720\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-12T21:38:30.257463Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-12T21:38:36.144Z\"}}], \"cna\": {\"title\": \"Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-49\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-49 Password Brute Forcing\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"BlackBerry\", \"modules\": [\"SecuSUITE Secure Client Authentication\"], \"product\": \"SecuSUITE\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.420\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-11-12T17:35:00.000Z\", \"references\": [{\"url\": \"https://support.blackberry.com/pkb/s/article/140220\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim\\u2019s account and telephone number.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003en insufficient entropy vul\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003enerability \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ein the \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eSecuSUITE\u003c/span\u003e \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eSecure Client Authentication (SCA) Server \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eof \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eSecuSUITE\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e version\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003es\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e 5.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e0.420 and earlie\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003er could allow an \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eattacker to potentially \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eenroll an attacker-controlled device to the victim\\u2019s account and telephone number.\u003c/span\u003e\u0026nbsp;\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-307\", \"description\": \"CWE-307 Improper Restriction of Excessive Authentication Attempts\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-334\", \"description\": \"CWE-334 Small Space of Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"shortName\": \"blackberry\", \"dateUpdated\": \"2025-09-11T20:22:23.080Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-51720\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-11T20:22:23.080Z\", \"dateReserved\": \"2024-10-30T17:19:06.485Z\", \"assignerOrgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"datePublished\": \"2024-11-12T18:01:49.411Z\", \"assignerShortName\": \"blackberry\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.