July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Internet Archive Breached Due to Stolen Access Tokens
October 22, 2024Lazarus aka Hidden Cobra APT Group – Active IOCs
October 22, 2024Internet Archive Breached Due to Stolen Access Tokens
October 22, 2024Lazarus aka Hidden Cobra APT Group – Active IOCs
October 22, 2024
Severity
Medium
Analysis Summary
CVE-2024-48016 CVSS:4.6
Dell Secure Connect Gateway (SCG) could allow a remote authenticated attacker to obtain sensitive information caused by the use of a broken or risky cryptographic algorithm vulnerability. By sending a specially-crafted request, a remote attacker could exploit this vulnerability obtain sensitive information from files and use this information to launch further attacks against the affected system.
CVE-2024-47241 CVSS:5.5
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.
CVE-2024-47240 CVSS:5.5
Dell Secure Connect Gateway (SCG) could allow a remote attacker to bypass security restrictions, caused by incorrect default permissions vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to gain write access to unauthorized data and cause a version update failure condition.
Impact
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-48016
- CVE-2024-47241
- CVE-2024-47240
Affected Vendors
Dell
Affected Products
- Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS - 5.24.00.14
Remediation
Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.