CVELIST:CVE-2024-22457 (cvelist, Dell)
Mar 01, 2024 - 11:04 a.m.

CVE-2024-22457

2024-03-01 11:04:00
CWE-290
dell
www.cve.org
dell secure connect gateway, authentication vulnerability, remote attacker, self-signed certificate, remote server

CVSS3: 7.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.1 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.0%)

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Connect Gateway (SCG) 5.0 Appliance - SRS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "5.20.00.10"
      }
    ]
  }
]
