ID

VAR-202402-1915


CVE

CVE-2023-44293


TITLE

Dell Secure Connect Gateway Application SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-11514

DESCRIPTION

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified in which a malicious user with a valid user session may inject malicious content into the filters of the IP Range REST API. This issue may lead to unintentional information disclosure from the product database. Dell Secure Connect Gateway Application is a secure connection gateway from Dell Corporation of the United States.

Trust: 1.53

sources: NVD: CVE-2023-44293 // CNVD: CNVD-2024-11514 // VULMON: CVE-2023-44293

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-11514

AFFECTED PRODUCTS

vendor: dell
model: secure connect gateway application
scope: gte
version: 5.10.00.00,<=5.18.00.00

Trust: 0.6

sources: CNVD: CNVD-2024-11514

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2023-44293
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-11514
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-11514
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

security_alert@emc.com:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-11514 // NVD: CVE-2023-44293

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2023-44293

PATCH

title: Patch for Dell Secure Connect Gateway Application SQL Injection Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/530081

Trust: 0.6

sources: CNVD: CNVD-2024-11514

EXTERNAL IDS

db: NVD, id: CVE-2023-44293

Trust: 1.7

db: CNVD, id: CNVD-2024-11514

Trust: 0.6

db: VULMON, id: CVE-2023-44293

Trust: 0.1

sources: CNVD: CNVD-2024-11514 // VULMON: CVE-2023-44293 // NVD: CVE-2023-44293

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000219372/dsa-2023-403-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities

Trust: 1.1

url: https://cxsecurity.com/cveshow/cve-2023-44293/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-11514 // VULMON: CVE-2023-44293 // NVD: CVE-2023-44293

SOURCES

db: CNVD, id: CNVD-2024-11514
db: VULMON, id: CVE-2023-44293
db: NVD, id: CVE-2023-44293

LAST UPDATE DATE

2024-03-05T22:37:15.368000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-11514, date: 2024-03-04T00:00:00
db: VULMON, id: CVE-2023-44293, date: 2024-02-14T00:00:00
db: NVD, id: CVE-2023-44293, date: 2024-02-14T13:59:35.580

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-11514, date: 2024-03-04T00:00:00
db: VULMON, id: CVE-2023-44293, date: 2024-02-14T00:00:00
db: NVD, id: CVE-2023-44293, date: 2024-02-14T08:15:09.683