CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory

06 Aug 2024, 15:30

Type Values Removed Values Added
CPE cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
First Time Dell
Dell secure Connect Gateway
References () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory
Summary
  • (es) Dell SCG, versiones anteriores a 5.24.00.00, contienen una vulnerabilidad de control de acceso inadecuado en el SCG expuesta para una API REST habilitada interna (si la habilita el usuario administrador desde la interfaz de usuario). Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de ciertas API internas aplicables solo para usuarios administradores en la base de datos backend de la aplicación que potencialmente podría permitir que un usuario no autorizado acceda a recursos restringidos y cambie de estado.
CWE NVD-CWE-noinfo

13 Jun 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-13 15:15

Updated : 2024-11-21 09:07


NVD link : CVE-2024-28965

Mitre link : CVE-2024-28965

CVE.ORG link : CVE-2024-28965


JSON object : View

Products Affected

dell

  • secure_connect_gateway
CWE
CWE-284

Improper Access Control

NVD-CWE-noinfo