Dell SCG Policy Manager Improper Auth: Allows Unauthorized Device Addition
CVE-2024-24900 Published on March 1, 2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2024-24900 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2024-24900

stack.watch emails you whenever new vulnerabilities are published in Dell Secure Connect Gateway or Dell Policy Manager Secure Connect Gateway. Just hit a watch button to start following.

Dell Secure Connect Gateway
 
Dell Policy Manager Secure Connect Gateway
 

Affected Versions

Dell Secure Connect Gateway (SCG) Policy Manager: dell secure_connect_gateway_policy_manager:

Exploit Probability

EPSS
0.09%
Percentile
24.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.