CVE-2024-24900

EUVD-2024-22263
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
dellpolicy_manager_for_secure_connect_gateway
𝑥
< 5.22.00.16
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dellsecure_connect_gateway_policy_manager
𝑥
< 5.22.00.16
ADP
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities