ID

VAR-202403-0112


CVE

CVE-2024-24906


TITLE

Cross-site scripting vulnerability in Dell's Secure Connect Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2024-014004

DESCRIPTION

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains a Stored Cross-Site Scripting vulnerability in the Policy page. An adjacent-network, high-privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code is executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell Secure Connect Gateway is a secure connection gateway from Dell in the United States. No detailed vulnerability information is currently provided.

Trust: 2.16

sources: NVD: CVE-2024-24906 // JVNDB: JVNDB-2024-014004 // CNVD: CNVD-2024-20305

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-20305

AFFECTED PRODUCTS

vendor: dell, model: policy manager for secure connect gateway, scope: lt, version: 5.22.00.16

Trust: 1.0

vendor: デル, model: secure connect gateway, scope: eq, version: -

Trust: 0.8

vendor: デル, model: secure connect gateway, scope: eq, version: 5.22.00.16

Trust: 0.8

vendor: デル, model: secure connect gateway, scope: -, version: -

Trust: 0.8

vendor: dell, model: emc secure connect gateway, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-20305 // JVNDB: JVNDB-2024-014004 // NVD: CVE-2024-24906

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2024-24906
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-24906
value: HIGH

Trust: 1.0

NVD: CVE-2024-24906
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-20305
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-20305
severity: MEDIUM
baseScore: 6.7
vectorString: AV:A/AC:L/AU:M/C:C/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.1
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

security_alert@emc.com: CVE-2024-24906
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.8
version: 3.1

Trust: 2.0

NVD: CVE-2024-24906
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-20305 // JVNDB: JVNDB-2024-014004 // NVD: CVE-2024-24906 // NVD: CVE-2024-24906

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-014004 // NVD: CVE-2024-24906

PATCH

title: Patch for Dell Secure Connect Gateway Cross-Site Scripting Vulnerability (CNVD-2024-20305), url: https://www.cnvd.org.cn/patchInfo/show/543981

Trust: 0.6

sources: CNVD: CNVD-2024-20305

EXTERNAL IDS

db: NVD, id: CVE-2024-24906

Trust: 3.2

db: JVNDB, id: JVNDB-2024-014004

Trust: 0.8

db: CNVD, id: CNVD-2024-20305

Trust: 0.6

sources: CNVD: CNVD-2024-20305 // JVNDB: JVNDB-2024-014004 // NVD: CVE-2024-24906

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Trust: 2.6

url: https://nvd.nist.gov/vuln/detail/cve-2024-24906

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2024-24906/

Trust: 0.6

sources: CNVD: CNVD-2024-20305 // JVNDB: JVNDB-2024-014004 // NVD: CVE-2024-24906

SOURCES

db: CNVD, id: CNVD-2024-20305
db: JVNDB, id: JVNDB-2024-014004
db: NVD, id: CVE-2024-24906

LAST UPDATE DATE

2025-05-22T23:06:50.281000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-20305, date: 2024-04-25T00:00:00
db: JVNDB, id: JVNDB-2024-014004, date: 2024-12-05T02:48:00
db: NVD, id: CVE-2024-24906, date: 2025-05-20T18:54:48.717

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-20305, date: 2024-04-18T00:00:00
db: JVNDB, id: JVNDB-2024-014004, date: 2024-12-05T00:00:00
db: NVD, id: CVE-2024-24906, date: 2024-03-01T13:15:08.277