CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory

06 Aug 2024, 15:28

Type Values Removed Values Added
CPE cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*
Summary
  • (es) Dell SCG, versiones anteriores a 5.24.00.00, contienen una vulnerabilidad de control de acceso inadecuado en el SCG expuesta para una API REST de actualización interna (si la habilita el usuario administrador desde la interfaz de usuario). Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de ciertas API aplicables solo para usuarios administradores en la base de datos backend de la aplicación que potencialmente podría permitir que un usuario no autorizado acceda a recursos restringidos.
CWE NVD-CWE-noinfo
First Time Dell
Dell secure Connect Gateway
References () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities - Vendor Advisory

13 Jun 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-13 15:15

Updated : 2024-11-21 09:07


NVD link : CVE-2024-28969

Mitre link : CVE-2024-28969

CVE.ORG link : CVE-2024-28969


JSON object : View

Products Affected

dell

  • secure_connect_gateway
CWE
CWE-284

Improper Access Control

NVD-CWE-noinfo