Details of VAR-202410-1737

ID

VAR-202410-1737

CVE

CVE-2024-48016

TITLE

Dell's secure connect gateway Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2024-014773

DESCRIPTION

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. (DoS) It may be in a state. Dell Secure Connect Gateway (Dell SCG) is a secure connection gateway of Dell (Dell) in the United States. The vulnerability is caused by the use of damaged or risky encryption algorithms

Trust: 2.16

sources: NVD: CVE-2024-48016 // JVNDB: JVNDB-2024-014773 // CNVD: CNVD-2024-41686

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-41686

AFFECTED PRODUCTS

vendor:	dell	model:	secure connect gateway	scope:	eq	version:	5.24.00.14	Trust: 1.6
vendor:	デル	model:	secure connect gateway	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	5.24.00.14	Trust: 0.8

sources: CNVD: CNVD-2024-41686 // JVNDB: JVNDB-2024-014773 // NVD: CVE-2024-48016

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2024-48016
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-48016
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-48016
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-41686
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-41686
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2024-48016
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-48016
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-48016
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-41686 // JVNDB: JVNDB-2024-014773 // NVD: CVE-2024-48016 // NVD: CVE-2024-48016

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.0
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-014773 // NVD: CVE-2024-48016

PATCH

title:

Patch for Dell Secure Connect Gateway encryption issue vulnerability (CNVD-2024-41686)

url:

https://www.cnvd.org.cn/patchInfo/show/601381

Trust: 0.6

sources: CNVD: CNVD-2024-41686

EXTERNAL IDS

db:	NVD	id:	CVE-2024-48016	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-014773	Trust: 0.8
db:	CNVD	id:	CNVD-2024-41686	Trust: 0.6

sources: CNVD: CNVD-2024-41686 // JVNDB: JVNDB-2024-014773 // NVD: CVE-2024-48016

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-48016	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2024-48016/	Trust: 0.6

sources: CNVD: CNVD-2024-41686 // JVNDB: JVNDB-2024-014773 // NVD: CVE-2024-48016

SOURCES

db:	CNVD	id:	CNVD-2024-41686
db:	JVNDB	id:	JVNDB-2024-014773
db:	NVD	id:	CVE-2024-48016

LAST UPDATE DATE

2024-12-17T22:56:12.525000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-41686	date:	2024-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-014773	date:	2024-12-16T02:07:00
db:	NVD	id:	CVE-2024-48016	date:	2024-12-13T15:13:14.883

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-41686	date:	2024-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-014773	date:	2024-12-16T00:00:00
db:	NVD	id:	CVE-2024-48016	date:	2024-10-18T17:15:13.380