Details of VAR-202402-1915

ID

VAR-202402-1915

CVE

CVE-2023-44293

TITLE

Dell's secure connect gateway In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-027400

DESCRIPTION

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. Dell's secure connect gateway for, SQL There is an injection vulnerability.Information may be obtained

Trust: 2.25

sources: NVD: CVE-2023-44293 // JVNDB: JVNDB-2023-027400 // CNVD: CNVD-2024-11514 // VULMON: CVE-2023-44293

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-11514

AFFECTED PRODUCTS

vendor:	dell	model:	secure connect gateway	scope:	gte	version:	5.10.00.00	Trust: 1.0
vendor:	dell	model:	secure connect gateway	scope:	lt	version:	5.20.00.00	Trust: 1.0
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	5.10.00.00 that's all 5.20.00.00	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	dell	model:	secure connect gateway application	scope:	gte	version:	5.10.00.00,<=5.18.00.00	Trust: 0.6

sources: CNVD: CNVD-2024-11514 // JVNDB: JVNDB-2023-027400 // NVD: CVE-2023-44293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-44293
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2023-44293
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-44293
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-11514
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-11514
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-44293
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2023-44293
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2023-44293
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-11514 // JVNDB: JVNDB-2023-027400 // NVD: CVE-2023-44293 // NVD: CVE-2023-44293

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.0
problemtype:	SQL injection (CWE-89) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027400 // NVD: CVE-2023-44293

PATCH

title:

Patch for Dell Secure Connect Gateway Application SQL Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/530081

Trust: 0.6

sources: CNVD: CNVD-2024-11514

EXTERNAL IDS

db:	NVD	id:	CVE-2023-44293	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-027400	Trust: 0.8
db:	CNVD	id:	CNVD-2024-11514	Trust: 0.6
db:	VULMON	id:	CVE-2023-44293	Trust: 0.1

sources: CNVD: CNVD-2024-11514 // VULMON: CVE-2023-44293 // JVNDB: JVNDB-2023-027400 // NVD: CVE-2023-44293

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-44293	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-44293/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/89.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2024-11514 // VULMON: CVE-2023-44293 // JVNDB: JVNDB-2023-027400 // NVD: CVE-2023-44293

SOURCES

db:	CNVD	id:	CNVD-2024-11514
db:	VULMON	id:	CVE-2023-44293
db:	JVNDB	id:	JVNDB-2023-027400
db:	NVD	id:	CVE-2023-44293

LAST UPDATE DATE

2024-10-24T22:40:11.292000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-11514	date:	2024-03-04T00:00:00
db:	VULMON	id:	CVE-2023-44293	date:	2024-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2023-027400	date:	2024-10-22T07:23:00
db:	NVD	id:	CVE-2023-44293	date:	2024-10-17T14:40:15.220

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-11514	date:	2024-03-04T00:00:00
db:	VULMON	id:	CVE-2023-44293	date:	2024-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2023-027400	date:	2024-10-22T00:00:00
db:	NVD	id:	CVE-2023-44293	date:	2024-02-14T08:15:09.683