CVE-2024-24904 in Secure Connect Gateway
Summary
by MITRE • 03/01/2024
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/18/2025
The CVE-2024-24904 vulnerability represents a critical stored cross-site scripting flaw within Dell Secure Connect Gateway Policy Manager across all affected versions. This vulnerability resides in the application's data handling mechanisms where user-supplied input is not properly sanitized before being stored in the application's data store. The flaw creates a persistent security risk because malicious code injected by an attacker becomes permanently stored within the system's trusted data repository, making it particularly dangerous for enterprise environments where administrative privileges are commonly used. The vulnerability is classified under CWE-79 as a classic cross-site scripting issue, specifically manifesting as a stored variant that differs from reflected XSS attacks in its persistence and potential for broader impact.
The exploitation of this vulnerability requires an attacker to be positioned within the adjacent network and possess high privileged access, which significantly reduces the attack surface but does not eliminate the risk entirely. Attackers can leverage this privilege to inject malicious HTML or JavaScript code into the Policy Manager's data storage mechanisms through legitimate administrative functions. Once the malicious code is stored, any authenticated user who accesses the affected data through the web interface becomes a victim of the attack. The web browser executes this malicious code within the context of the vulnerable web application, effectively allowing the attacker to operate with the privileges and session context of the victim user.
The operational impact of this vulnerability extends beyond simple client-side exploitation to encompass serious security implications including potential information disclosure, session hijacking, and client-side request forgery attacks. When malicious scripts execute within the victim's browser context, they can access sensitive session cookies, steal authentication tokens, and potentially exfiltrate confidential data from the Policy Manager interface. The vulnerability's persistence means that the malicious code continues to execute whenever affected users access the application, creating an ongoing threat vector that can be leveraged for extended reconnaissance or more sophisticated attacks. This stored XSS vulnerability aligns with ATT&CK technique T1531 for credential access and T1071.004 for application layer protocol usage, representing a significant threat to enterprise network security.
Organizations utilizing Dell Secure Connect Gateway Policy Manager must implement immediate mitigation strategies to address this vulnerability. The most effective approach involves applying the vendor-provided security patches and updates as soon as they become available, which typically include input sanitization measures and proper output encoding for web content. Network segmentation and access controls should be strengthened to limit the attack surface, ensuring that only authorized personnel can access administrative functions. Additionally, implementing web application firewalls and content security policies can provide additional layers of protection against XSS attacks. Regular security audits and penetration testing should be conducted to identify potential injection points and verify the effectiveness of implemented mitigations. Organizations should also consider implementing security awareness training for administrators to recognize potential social engineering attempts that could lead to privilege escalation and subsequent exploitation of this vulnerability.