Details of VAR-202410-1656

ID

VAR-202410-1656

CVE

CVE-2024-47241

TITLE

Dell's secure connect gateway Certificate validation vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2024-014847

DESCRIPTION

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. The vulnerability is caused by an incorrect certificate verification vulnerability

Trust: 2.16

sources: NVD: CVE-2024-47241 // JVNDB: JVNDB-2024-014847 // CNVD: CNVD-2024-41687

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-41687

AFFECTED PRODUCTS

vendor:	dell	model:	secure connect gateway	scope:	eq	version:	5.24.00.14	Trust: 1.6
vendor:	デル	model:	secure connect gateway	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	5.24.00.14	Trust: 0.8

sources: CNVD: CNVD-2024-41687 // JVNDB: JVNDB-2024-014847 // NVD: CVE-2024-47241

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2024-47241
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-47241
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-47241
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-41687
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-41687
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2024-47241
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.1
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-47241
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2024-47241
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-41687 // JVNDB: JVNDB-2024-014847 // NVD: CVE-2024-47241 // NVD: CVE-2024-47241

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	Illegal certificate verification (CWE-295) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-014847 // NVD: CVE-2024-47241

PATCH

title:

Patch for Dell Secure Connect Gateway Trust Management Issue Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/601376

Trust: 0.6

sources: CNVD: CNVD-2024-41687

EXTERNAL IDS

db:	NVD	id:	CVE-2024-47241	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-014847	Trust: 0.8
db:	CNVD	id:	CNVD-2024-41687	Trust: 0.6

sources: CNVD: CNVD-2024-41687 // JVNDB: JVNDB-2024-014847 // NVD: CVE-2024-47241

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-47241	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2024-47241/	Trust: 0.6

sources: CNVD: CNVD-2024-41687 // JVNDB: JVNDB-2024-014847 // NVD: CVE-2024-47241

SOURCES

db:	CNVD	id:	CNVD-2024-41687
db:	JVNDB	id:	JVNDB-2024-014847
db:	NVD	id:	CVE-2024-47241

LAST UPDATE DATE

2024-12-17T22:59:37.694000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-41687	date:	2024-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-014847	date:	2024-12-16T07:45:00
db:	NVD	id:	CVE-2024-47241	date:	2024-12-13T14:37:10.467

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-41687	date:	2024-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-014847	date:	2024-12-16T00:00:00
db:	NVD	id:	CVE-2024-47241	date:	2024-10-18T17:15:12.880