ID

VAR-202406-2673


CVE

CVE-2024-28968


TITLE

Vulnerability in Dell's secure connect gateway

Trust: 0.8

sources: JVNDB: JVNDB-2024-004964

DESCRIPTION

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. Dell's secure connect gateway contains an unspecified vulnerability. Information may be obtained and information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2024-28968 // JVNDB: JVNDB-2024-004964

AFFECTED PRODUCTS

vendor: dell, model: secure connect gateway, scope: gte, version: 5.18.00.20

Trust: 1.0

vendor: dell, model: secure connect gateway, scope: lte, version: 5.22.00.18

Trust: 1.0

vendor: Dell, model: secure connect gateway, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: eq, version: 5.18.00.20 to 5.22.00.18

Trust: 0.8

vendor: Dell, model: secure connect gateway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-004964 // NVD: CVE-2024-28968

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-28968
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2024-28968
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-28968
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-28968
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 2.0

NVD: CVE-2024-28968
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-004964 // NVD: CVE-2024-28968 // NVD: CVE-2024-28968

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004964 // NVD: CVE-2024-28968

EXTERNAL IDS

db: NVD, id: CVE-2024-28968

Trust: 2.6

db: JVNDB, id: JVNDB-2024-004964

Trust: 0.8

sources: JVNDB: JVNDB-2024-004964 // NVD: CVE-2024-28968

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-28968

Trust: 0.8

sources: JVNDB: JVNDB-2024-004964 // NVD: CVE-2024-28968

SOURCES

db: JVNDB, id: JVNDB-2024-004964
db: NVD, id: CVE-2024-28968

LAST UPDATE DATE

2024-08-15T12:50:45.319000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-004964, date: 2024-08-08T00:09:00
db: NVD, id: CVE-2024-28968, date: 2024-08-06T15:29:59.990

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-004964, date: 2024-08-08T00:00:00
db: NVD, id: CVE-2024-28968, date: 2024-06-13T15:15:51.890