Lucene search

[email protected]NVD:CVE-2024-28965

HistoryJun 13, 2024 - 3:15 p.m.

CVE-2024-28965

2024-06-1315:15:51

CWE-284

[email protected]

web.nvd.nist.gov

cve-2024-28965

dell

scg

improper access control

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

14.5%

JSON

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application’s backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Affected configurations

Nvd

Node

dellsecure_connect_gatewayRange5.18.00.20–5.22.00.18

VendorProductVersionCPE
dellsecure_connect_gateway*cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	secure_connect_gateway	*	cpe:2.3:a:dell:secure_connect_gateway::::::::

References

www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

14.5%

JSON

Related for NVD:CVE-2024-28965

cvelist1 cve1 vulnrichment1