CVE-2024-22457

Summary

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.

Affected Software

VendorProductVersion RangeStatus
DellSecure Connect Gateway (SCG) 5.0 Appliance - SRS5.20.00.10affected

Weaknesses

  • CWE-290: CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References