CVE-2024-24900 in Secure Connect Gatewayinfo

Summary

by MITRE • 03/01/2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/18/2025

The Dell Secure Connect Gateway Policy Manager vulnerability represents a critical improper authorization flaw that undermines the security posture of network access control systems. This vulnerability affects all versions of the SCG Policy Manager component within Dell Secure Connect Gateway appliances, creating a pathway for attackers to bypass legitimate access controls and manipulate network policies. The flaw exists at the authorization layer where the system fails to properly validate user credentials and privileges before granting access to policy modification functions. Security researchers have identified that an attacker positioned within the same network segment can exploit this weakness to add unauthorized devices to existing policies, effectively compromising the integrity of the network access control mechanisms.

The technical implementation of this vulnerability stems from inadequate access control validation within the Policy Manager component. When legitimate users attempt to modify network policies, the system should verify their authorization level before permitting changes to policy configurations. However, the flawed implementation allows low privileged network entities to perform administrative actions without proper authentication or authorization checks. This improper authorization condition creates a scenario where unauthorized modifications can be made to device policies, potentially enabling attackers to establish persistent access points within the network infrastructure. The vulnerability specifically impacts the authentication and authorization framework of the SCG appliance, where session validation and privilege escalation controls are insufficient to prevent unauthorized access to policy management functions.

The operational impact of this vulnerability extends beyond simple policy manipulation to encompass potential information disclosure and broader system compromise. An attacker exploiting this flaw could introduce malicious devices into network policies, creating backdoor access points that persist even after normal network operations resume. This capability allows for extended unauthorized access to network resources and could facilitate lateral movement within the network infrastructure. The vulnerability's proximity to information disclosure risks means that attackers might gain access to sensitive network configuration data, device credentials, and policy details that could be leveraged for further exploitation. Additionally, the ability to add unauthorized devices to policies creates opportunities for man-in-the-middle attacks, DNS poisoning, and other network-based attacks that could severely compromise the organization's security posture.

Organizations should implement immediate mitigations to address this vulnerability including network segmentation to limit access to SCG appliances, enforcing strict access controls on management interfaces, and implementing monitoring for unauthorized policy changes. The vulnerability aligns with CWE-285, which addresses improper authorization in software systems, and represents a clear violation of the principle of least privilege. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and persistence mechanisms, where attackers can establish unauthorized access through policy manipulation. Security teams should conduct comprehensive audits of all SCG appliances, review network access controls, and implement multi-factor authentication for administrative access to prevent exploitation. Regular security assessments should include testing for similar authorization flaws in network infrastructure components, as this vulnerability demonstrates how insufficient access control validation can create persistent security risks that may remain undetected for extended periods.

Responsible

Dell

Reservation

02/01/2024

Disclosure

03/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00220

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!