Details of VAR-202403-0198

ID

VAR-202403-0198

CVE

CVE-2024-22457

TITLE

Dell's secure connect gateway Spoofing authentication evasion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-013968

DESCRIPTION

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. Dell's secure connect gateway Exists in spoofing authentication evasion vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-22457 // JVNDB: JVNDB-2024-013968

AFFECTED PRODUCTS

vendor:	dell	model:	secure connect gateway	scope:	eq	version:	5.20.00.10	Trust: 1.0
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	5.20.00.10	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-013968 // NVD: CVE-2024-22457

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2024-22457
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-22457
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-22457
value:	HIGH
Trust: 0.8

security_alert@emc.com:	CVE-2024-22457
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-22457
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-22457
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-013968 // NVD: CVE-2024-22457 // NVD: CVE-2024-22457

PROBLEMTYPE DATA

problemtype:	CWE-290	Trust: 1.0
problemtype:	Avoid authentication by spoofing (CWE-290) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-013968 // NVD: CVE-2024-22457

EXTERNAL IDS

db:	NVD	id:	CVE-2024-22457	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-013968	Trust: 0.8

sources: JVNDB: JVNDB-2024-013968 // NVD: CVE-2024-22457

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-22457	Trust: 0.8

sources: JVNDB: JVNDB-2024-013968 // NVD: CVE-2024-22457

SOURCES

db:	JVNDB	id:	JVNDB-2024-013968
db:	NVD	id:	CVE-2024-22457

LAST UPDATE DATE

2024-12-11T23:08:45.109000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-013968	date:	2024-12-05T01:09:00
db:	NVD	id:	CVE-2024-22457	date:	2024-12-04T17:57:09.997

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-013968	date:	2024-12-05T00:00:00
db:	NVD	id:	CVE-2024-22457	date:	2024-03-01T11:15:07.127