DSA-2024-464: Security Update for Dell Secure Connect Gateway-Application and Appliance Vulnerability
Summary: Dell Secure Connect Gateway Application and Appliance remediation is available for a SQL injection vulnerability that can be exploited by a malicious user locally with a valid session to compromise that affected system only. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Low
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2024-51539 |
The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data. |
2.3 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2024-51539 |
The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data. |
2.3 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-51539 | Secure Connect Gateway - Application | Versions prior to 5.28.00 | Version 5.28.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| CVE-2024-51539 | Secure Connect Gateway - Appliance | Versions prior to 5.28.00 | Version 5.28.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-51539 | Secure Connect Gateway - Application | Versions prior to 5.28.00 | Version 5.28.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| CVE-2024-51539 | Secure Connect Gateway - Appliance | Versions prior to 5.28.00 | Version 5.28.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
Revision History
| Revision | Date | Description |
| 1.0 | 2025-02-25 | Initial Release |
Acknowledgements
CVE-2024-51539: Dell would like to thank saltedfish for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual EditionArticle Properties
Article Number: 000289550
Article Type: Dell Security Advisory
Last Modified: 25 Feb 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.