CVE-2024-24907 in Secure Connect Gatewayinfo

Summary

by MITRE • 03/01/2024

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/18/2025

The CVE-2024-24907 vulnerability affects Dell Secure Connect Gateway Policy Manager across all versions, representing a critical stored cross-site scripting flaw that resides within the Filters page component. This vulnerability demonstrates a fundamental weakness in input validation and output encoding mechanisms within the web application's data handling processes. The flaw allows an attacker positioned within the adjacent network who possesses high privileged access to inject malicious code into the application's data storage system, creating a persistent threat vector that can compromise user sessions and data integrity.

The technical exploitation of this vulnerability follows a classic stored XSS attack pattern where malicious input is first accepted and then stored within the application's backend database or configuration storage. When legitimate users navigate to the affected Filters page, their browsers execute the malicious code within the context of the vulnerable web application, effectively bypassing normal security boundaries. This execution occurs because the application fails to properly sanitize or escape user-supplied data before rendering it in web pages, creating an environment where attacker-controlled JavaScript can run with the privileges of the authenticated user.

From an operational perspective, this vulnerability presents significant risk to organizations relying on Dell Secure Connect Gateway for network security management. The adjacent network attacker requirement reduces the attack surface compared to remote exploitation scenarios, but the high privileged access needed suggests that the threat model involves internal network adversaries or compromised accounts within the trusted network perimeter. The potential impact includes unauthorized information disclosure, session hijacking, and client-side request forgery attacks that could enable attackers to perform actions on behalf of legitimate users without their knowledge or consent.

The vulnerability aligns with CWE-079, which specifically addresses cross-site scripting flaws in web applications, and follows patterns commonly associated with ATT&CK technique T1566.001 for initial access through malicious content. Organizations should implement immediate mitigations including input validation controls, output encoding mechanisms, and regular security testing of web application components. The remediation process requires updating to patched versions of Dell Secure Connect Gateway, implementing additional network segmentation controls, and conducting comprehensive security assessments to identify similar vulnerabilities in other web applications within the network infrastructure.

Responsible

Dell

Reservation

02/01/2024

Disclosure

03/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00422

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!