CVE-2024-24900 in Secure Connect Gateway
Summary
by MITRE • 03/01/2024
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/18/2025
The Dell Secure Connect Gateway Policy Manager vulnerability represents a critical improper authorization flaw that undermines the security posture of network access control systems. This vulnerability affects all versions of the SCG Policy Manager component within Dell Secure Connect Gateway appliances, creating a pathway for attackers to bypass legitimate access controls and manipulate network policies. The flaw exists at the authorization layer where the system fails to properly validate user credentials and privileges before granting access to policy modification functions. Security researchers have identified that an attacker positioned within the same network segment can exploit this weakness to add unauthorized devices to existing policies, effectively compromising the integrity of the network access control mechanisms.
The technical implementation of this vulnerability stems from inadequate access control validation within the Policy Manager component. When legitimate users attempt to modify network policies, the system should verify their authorization level before permitting changes to policy configurations. However, the flawed implementation allows low privileged network entities to perform administrative actions without proper authentication or authorization checks. This improper authorization condition creates a scenario where unauthorized modifications can be made to device policies, potentially enabling attackers to establish persistent access points within the network infrastructure. The vulnerability specifically impacts the authentication and authorization framework of the SCG appliance, where session validation and privilege escalation controls are insufficient to prevent unauthorized access to policy management functions.
The operational impact of this vulnerability extends beyond simple policy manipulation to encompass potential information disclosure and broader system compromise. An attacker exploiting this flaw could introduce malicious devices into network policies, creating backdoor access points that persist even after normal network operations resume. This capability allows for extended unauthorized access to network resources and could facilitate lateral movement within the network infrastructure. The vulnerability's proximity to information disclosure risks means that attackers might gain access to sensitive network configuration data, device credentials, and policy details that could be leveraged for further exploitation. Additionally, the ability to add unauthorized devices to policies creates opportunities for man-in-the-middle attacks, DNS poisoning, and other network-based attacks that could severely compromise the organization's security posture.
Organizations should implement immediate mitigations to address this vulnerability including network segmentation to limit access to SCG appliances, enforcing strict access controls on management interfaces, and implementing monitoring for unauthorized policy changes. The vulnerability aligns with CWE-285, which addresses improper authorization in software systems, and represents a clear violation of the principle of least privilege. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and persistence mechanisms, where attackers can establish unauthorized access through policy manipulation. Security teams should conduct comprehensive audits of all SCG appliances, review network access controls, and implement multi-factor authentication for administrative access to prevent exploitation. Regular security assessments should include testing for similar authorization flaws in network infrastructure components, as this vulnerability demonstrates how insufficient access control validation can create persistent security risks that may remain undetected for extended periods.