Dell Secure Connect Gateway Vulnerability Could Lead to Information Disclosure
CVE-2023-44293

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Secure Connect Gateway-application; Secure Connect Gateway-appliance
Vendor: CVE Published:; 14 February 2024

Summary

A vulnerability exists in the Dell Secure Connect Gateway Application and Appliance, particularly affecting versions between v5.10.00.00 and v5.18.00.00. This security issue allows an authenticated malicious user to inject harmful content into the filters of the IP Range Rest API. As a result, there is a risk of unintentional information disclosure from the product's database, posing potential security and privacy risks to users. It is imperative for organizations using these affected versions to assess their exposure and apply necessary updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Secure Connect Gateway-Appliance v5.10.00.00

Secure Connect Gateway-Application v5.10.00.00

References

https://www.dell.com/support/kbdoc/en-us/000219372/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Sep 28, 2023