Details of VAR-202403-0195

ID

VAR-202403-0195

CVE

CVE-2024-24907

TITLE

Dell Secure Connect Gateway cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-14584

DESCRIPTION

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell Secure Connect Gateway is a secure connection gateway from the American company Dell. No detailed vulnerability details are currently available

Trust: 1.44

sources: NVD: CVE-2024-24907 // CNVD: CNVD-2024-14584

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-14584

AFFECTED PRODUCTS

vendor:

dell

model:

emc secure connect gateway

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2024-14584

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2024-24907
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-14584
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-14584
severity:	MEDIUM
baseScore:	6.7
vectorString:	AV:A/AC:L/AU:M/C:C/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	4.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:
baseSeverity:	HIGH
baseScore:	7.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector:	ADJACENT_NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	5.8
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-14584 // NVD: CVE-2024-24907

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2024-24907

PATCH

title:

Patch for Dell Secure Connect Gateway cross-site scripting vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/536631

Trust: 0.6

sources: CNVD: CNVD-2024-14584

EXTERNAL IDS

db:	NVD	id:	CVE-2024-24907	Trust: 1.6
db:	CNVD	id:	CNVD-2024-14584	Trust: 0.6

sources: CNVD: CNVD-2024-14584 // NVD: CVE-2024-24907

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities	Trust: 1.0
url:	https://cxsecurity.com/cveshow/cve-2024-24907/	Trust: 0.6

sources: CNVD: CNVD-2024-14584 // NVD: CVE-2024-24907

SOURCES

db:	CNVD	id:	CNVD-2024-14584
db:	NVD	id:	CVE-2024-24907

LAST UPDATE DATE

2024-03-23T22:54:17.772000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-14584	date:	2024-03-22T00:00:00
db:	NVD	id:	CVE-2024-24907	date:	2024-03-01T14:15:53.843

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-14584	date:	2024-03-22T00:00:00
db:	NVD	id:	CVE-2024-24907	date:	2024-03-01T14:15:53.843