ID

VAR-202402-1804


CVE

CVE-2023-44294


TITLE

SQL injection vulnerability in Dell's Secure Connect Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2023-027386

DESCRIPTION

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. Dell's Secure Connect Gateway contains an SQL injection vulnerability. Information may be obtained.

Trust: 2.25

sources: NVD: CVE-2023-44294 // JVNDB: JVNDB-2023-027386 // CNVD: CNVD-2024-11513 // VULMON: CVE-2023-44294

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-11513

AFFECTED PRODUCTS

vendor: dell
model: secure connect gateway
scope: gte
version: 5.10.00.00

Trust: 1.0

vendor: dell
model: secure connect gateway
scope: lt
version: 5.20.00.00

Trust: 1.0

vendor: Dell
model: secure connect gateway
scope: eq
version: 5.10.00.00 or later, earlier than 5.20.00.00

Trust: 0.8

vendor: Dell
model: secure connect gateway
scope: -
version: -

Trust: 0.8

vendor: Dell
model: secure connect gateway
scope: eq
version: -

Trust: 0.8

vendor: dell
model: secure connect gateway application
scope: gte
version: 5.10.00.00,<=5.18.00.00

Trust: 0.6

sources: CNVD: CNVD-2024-11513 // JVNDB: JVNDB-2023-027386 // NVD: CVE-2023-44294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-44294
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2023-44294
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-44294
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-11513
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-11513
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-44294
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2023-44294
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2023-44294
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-11513 // JVNDB: JVNDB-2023-027386 // NVD: CVE-2023-44294 // NVD: CVE-2023-44294

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-027386 // NVD: CVE-2023-44294

PATCH

title: Patch for Dell Secure Connect Gateway Application SQL injection vulnerability (CNVD-2024-11513)
url: https://www.cnvd.org.cn/patchInfo/show/530086

Trust: 0.6

sources: CNVD: CNVD-2024-11513

EXTERNAL IDS

db: NVD, id: CVE-2023-44294

Trust: 3.3

db: JVNDB, id: JVNDB-2023-027386

Trust: 0.8

db: CNVD, id: CNVD-2024-11513

Trust: 0.6

db: VULMON, id: CVE-2023-44294

Trust: 0.1

sources: CNVD: CNVD-2024-11513 // VULMON: CVE-2023-44294 // JVNDB: JVNDB-2023-027386 // NVD: CVE-2023-44294

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-44294

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-44294/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-11513 // VULMON: CVE-2023-44294 // JVNDB: JVNDB-2023-027386 // NVD: CVE-2023-44294

SOURCES

db: CNVD, id: CNVD-2024-11513
db: VULMON, id: CVE-2023-44294
db: JVNDB, id: JVNDB-2023-027386
db: NVD, id: CVE-2023-44294

LAST UPDATE DATE

2024-10-24T22:46:07.306000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-11513, date: 2024-03-04T00:00:00
db: VULMON, id: CVE-2023-44294, date: 2024-02-14T00:00:00
db: JVNDB, id: JVNDB-2023-027386, date: 2024-10-18T08:42:00
db: NVD, id: CVE-2023-44294, date: 2024-10-17T14:40:17.827

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-11513, date: 2024-03-04T00:00:00
db: VULMON, id: CVE-2023-44294, date: 2024-02-14T00:00:00
db: JVNDB, id: JVNDB-2023-027386, date: 2024-10-18T00:00:00
db: NVD, id: CVE-2023-44294, date: 2024-02-14T09:15:35.743