ID

VAR-202403-0280


CVE

CVE-2024-24903


TITLE

Vulnerability related to password management function in Dell's Secure Connect Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2024-014086

DESCRIPTION

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contains a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change. The product may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-24903 // JVNDB: JVNDB-2024-014086

AFFECTED PRODUCTS

vendor: dell, model: secure connect gateway, scope: lt, version: 5.22.00.16

Trust: 1.0

vendor: dell, model: secure connect gateway, scope: gte, version: 5.10.00.10

Trust: 1.0

vendor: Dell, model: secure connect gateway, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: -, version: -

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: eq, version: 5.10.00.10 or later, before 5.22.00.16

Trust: 0.8

sources: JVNDB: JVNDB-2024-014086 // NVD: CVE-2024-24903

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2024-24903
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-24903
value: HIGH

Trust: 1.0

NVD: CVE-2024-24903
value: HIGH

Trust: 0.8

security_alert@emc.com: CVE-2024-24903
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-24903
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-014086 // NVD: CVE-2024-24903 // NVD: CVE-2024-24903

PROBLEMTYPE DATA

problemtype:CWE-640

Trust: 1.0

problemtype:Weak password recovery mechanism for forgotten password (CWE-640) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-014086 // NVD: CVE-2024-24903

EXTERNAL IDS

db: NVD, id: CVE-2024-24903

Trust: 2.6

db: JVNDB, id: JVNDB-2024-014086

Trust: 0.8

sources: JVNDB: JVNDB-2024-014086 // NVD: CVE-2024-24903

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-24903

Trust: 0.8

sources: JVNDB: JVNDB-2024-014086 // NVD: CVE-2024-24903

SOURCES

db: JVNDB, id: JVNDB-2024-014086
db: NVD, id: CVE-2024-24903

LAST UPDATE DATE

2024-12-11T23:15:41.930000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-014086, date: 2024-12-06T05:49:00
db: NVD, id: CVE-2024-24903, date: 2024-12-05T16:45:06.087

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-014086, date: 2024-12-06T00:00:00
db: NVD, id: CVE-2024-24903, date: 2024-03-01T14:15:53.320