Severity
Medium
Analysis Summary
CVE-2024-22458 CVSS:3.7
Dell Secure Connect Gateway could allow a remote attacker to obtain sensitive information, caused by an inadequate encryption strength vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to recover plaintext from a block of ciphertext.
CVE-2024-22457 CVSS:7.1
Dell Secure Connect Gateway could provide weaker than expected security, caused an improper authentication vulnerability during the SRS to SCG update path. A remote authenticated attacker could exploit this vulnerability to launch impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.
CVE-2024-22452 CVSS:7.3
Dell Display and Peripheral Manager for macOS could allow a local authenticated attacker to execute arbitrary code on the system, caused by an improper access control vulnerability. By modifying files in the installation folder, an attacker could exploit this vulnerability to execute arbitrary code, leading to privilege escalation.
CVE-2024-22463 CVSS:7.4
Dell PowerScale OneFS could allow a remote attacker to obtain sensitive information, caused by a use of a broken or risky cryptographic algorithm vulnerability. By sending a specially crafted request a remote attacker could exploit this vulnerability to cause compromise of confidentiality and integrity of sensitive information.
Impact
- Information Disclosure
- Gain Access
Indicators Of Compromise
CVE
- CVE-2024-22458
- CVE-2024-22457
- CVE-2024-22452
- CVE-2024-22463
Affected Vendors
Dell
Affected Products
- Dell PowerScale OneFS 9.5
- Dell PowerScale OneFS 8.2.0
- Dell PowerScale OneFS 9.6.1.0
- Dell Display and Peripheral Manager for macOS 1.2
- Dell PowerScale OneFS 9.5.0.5
- Dell PowerScale OneFS 9.4.0.16
- Dell Secure Connect Gateway 5.20.00.10
Remediation
Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.