CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-13 15:15

Updated : 2024-06-13 18:35

NVD link : CVE-2024-28966

Mitre link : CVE-2024-28966

CVE.ORG link : CVE-2024-28966

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

5.4 /10