CVE-2024-28969

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28969
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
History

06 Aug 2024, 15:28

Type Values Removed Values Added
CPE cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
Summary
  • (es) Dell SCG, versiones anteriores a 5.24.00.00, contienen una vulnerabilidad de control de acceso inadecuado en el SCG expuesta para una API REST de actualización interna (si la habilita el usuario administrador desde la interfaz de usuario). Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de ciertas API aplicables solo para usuarios administradores en la base de datos backend de la aplicación que potencialmente podría permitir que un usuario no autorizado acceda a recursos restringidos.
First Time Dell
Dell secure Connect Gateway
References () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory
CWE NVD-CWE-noinfo

13 Jun 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-13 15:15

Updated : 2024-08-06 15:28

NVD link : CVE-2024-28969

Mitre link : CVE-2024-28969

CVE.ORG link : CVE-2024-28969

JSON object : View

Products Affected

dell

  • secure_connect_gateway
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control