CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory

06 Aug 2024, 15:30

Type Values Removed Values Added
Summary
  • (es) Dell SCG, versiones anteriores a 5.24.00.00, contienen una vulnerabilidad de control de acceso inadecuado en el SCG expuesta para una API REST de mantenimiento interno (si la habilita el usuario administrador desde la interfaz de usuario). Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de ciertas API aplicables solo para usuarios administradores en la base de datos backend de la aplicación, lo que potencialmente podría permitir que un usuario no autorizado acceda a recursos restringidos y cambie de estado.
CWE NVD-CWE-noinfo
First Time Dell
Dell secure Connect Gateway
CPE cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory

13 Jun 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-13 15:15

Updated : 2024-11-21 09:07


NVD link : CVE-2024-28967

Mitre link : CVE-2024-28967

CVE.ORG link : CVE-2024-28967


JSON object : View

Products Affected

dell

  • secure_connect_gateway
CWE
CWE-284

Improper Access Control

NVD-CWE-noinfo