DSA-2024-464: Security Update for Dell Secure Connect Gateway-Application and Appliance Vulnerability

Zhrnutie: Dell Secure Connect Gateway Application and Appliance remediation is available for a SQL injection vulnerability that can be exploited by a malicious user locally with a valid session to compromise that affected system only. ...

Tento článok sa vzťahuje na Tento článok sa nevzťahuje na Tento článok nie je viazaný na žiadny konkrétny produkt. V tomto článku nie sú uvedené všetky verzie produktov.
Pozrite si ďalšie zdroje

Dosah

Low

Podrobnosti

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-51539

The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data.

 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-51539

The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data.

 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies odporúča všetkým svojim zákazníkom, aby sa riadili nielen základným skóre CVSS, ale aj prechodným skóre a skóre závažnosti v konkrétnych prostrediach, na základe ktorého môžu vyhodnotiť celkové riziko vo vlastnom prostredí.

Dotknuté produkty a riešenie problému

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-51539 Secure Connect Gateway - Application Versions prior to 5.28.00 Version 5.28.00 or later https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers
CVE-2024-51539 Secure Connect Gateway - Appliance Versions prior to 5.28.00 Version 5.28.00 or later https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

 

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-51539 Secure Connect Gateway - Application Versions prior to 5.28.00 Version 5.28.00 or later https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers
CVE-2024-51539 Secure Connect Gateway - Appliance Versions prior to 5.28.00 Version 5.28.00 or later https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

 

História revízií

RevisionDateDescription
1.02025-02-25Initial Release

 

Potvrdenia

CVE-2024-51539: Dell would like to thank saltedfish for reporting this issue. 

Súvisiace informácie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Dotknuté produkty

Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual Edition
Vlastnosti článku
Číslo článku: 000289550
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 25 feb 2025
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.