Details of VAR-202503-1277

ID

VAR-202503-1277

CVE

CVE-2025-23382

TITLE

Dell's secure connect gateway Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-004238

DESCRIPTION

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c. Dell's secure connect gateway Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-23382 // JVNDB: JVNDB-2025-004238

AFFECTED PRODUCTS

vendor:	dell	model:	secure connect gateway	scope:	eq	version:	5.26.00.20	Trust: 1.0
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	5.28.00.14	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-004238 // NVD: CVE-2025-23382

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2025-23382
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-23382
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2025-23382
value:	MEDIUM
Trust: 0.8

security_alert@emc.com:	CVE-2025-23382
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.3
impactScore:	3.7
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-23382
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.3
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2025-23382
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-004238 // NVD: CVE-2025-23382 // NVD: CVE-2025-23382

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-497	Trust: 1.0
problemtype:	Leakage of important information to unauthorized control areas (CWE-497) [ others ]	Trust: 0.8
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-004238 // NVD: CVE-2025-23382

EXTERNAL IDS

db:	NVD	id:	CVE-2025-23382	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-004238	Trust: 0.8

sources: JVNDB: JVNDB-2025-004238 // NVD: CVE-2025-23382

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-uk/000291028/dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-23382	Trust: 0.8

sources: JVNDB: JVNDB-2025-004238 // NVD: CVE-2025-23382

SOURCES

db:	JVNDB	id:	JVNDB-2025-004238
db:	NVD	id:	CVE-2025-23382

LAST UPDATE DATE

2025-05-22T23:07:11.987000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-004238	date:	2025-05-01T03:26:00
db:	NVD	id:	CVE-2025-23382	date:	2025-05-20T18:01:47.223

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-004238	date:	2025-05-01T00:00:00
db:	NVD	id:	CVE-2025-23382	date:	2025-03-19T16:15:30.787