CVE-2021-36340
📋 TL;DR
Dell EMC Secure Connect Gateway (SCG) versions 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user can exploit this to read sensitive information stored in the system, potentially including credentials or configuration data. This affects organizations using vulnerable versions of Dell EMC SCG.
💻 Affected Systems
- Dell EMC Secure Connect Gateway
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains access to administrative credentials, configuration secrets, or other sensitive data, leading to complete system compromise or lateral movement within the network.
Likely Case
Local user with malicious intent extracts sensitive configuration information that could be used for further attacks or reconnaissance.
If Mitigated
With proper access controls and monitoring, impact is limited to information disclosure without escalation to full system compromise.
🎯 Exploit Status
Exploitation requires local access to the system but appears to be straightforward based on the CWE-532 (Insertion of Sensitive Information into Log File) classification.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to a version newer than 5.00.00.10
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000193601/dsa-2021-245-dell-emc-secure-connect-gateway-security-update-for-multiple-vulnerabilities
Restart Required: Yes
Instructions:
1. Download the latest SCG update from the Dell support site.
2. Follow Dell's update procedures for SCG appliances.
3. Apply the update and restart the system as required.
🔧 Temporary Workarounds
Restrict local access
Limit physical and logical access to SCG appliances to authorized personnel only.
Enhanced monitoring
Implement strict monitoring of local access and file access patterns on SCG systems.
🧯 If You Can't Patch
- Implement strict access controls to limit who can access the SCG system locally
- Monitor system logs for unusual access patterns or information disclosure attempts
🔍 How to Verify
Check if Vulnerable:
Check the SCG version via the web interface or CLI. If the version is 5.00.00.10 or earlier, the system is vulnerable.
Check Version:
Check via the SCG web interface under System Information, or use appliance-specific CLI commands.
Verify Fix Applied:
After patching, verify that the version is newer than 5.00.00.10 and test that sensitive information is no longer accessible via the vulnerability.
📡 Detection & Monitoring
Log Indicators:
- Unusual local access patterns
- Access to sensitive files or logs by unauthorized users
- Failed attempts to access restricted system areas
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Search for local file access events on SCG systems, particularly access to configuration or log files containing sensitive data
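A local audit in the spirit of the indicators above, as an added example that is not part of the original page or Dell's tooling: it walks a log directory, marks files readable by group or other users, and reports lines holding credential-like key/value pairs without echoing the values. The file names, sample lines and key patterns are constructed assumptions; the page does not name SCG's log paths, so pass the directory you need to audit.

```python
import os
import re
import stat
import tempfile

# Assumed credential-like keys (not from the advisory); tune to your environment.
SECRET_RE = re.compile(r"(?i)\b(password|passwd|secret|token|api[_-]?key)\b\s*[=:]\s*\S+")

def audit_log_dir(root):
    """Return one finding per regular file under root that contains
    credential-like entries, noting whether non-owners can read it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets and devices
                with open(path, "r", errors="replace") as fh:
                    # Record line number and key name only, never the secret value.
                    hits = [(n, m.group(1).lower()) for n, line in enumerate(fh, 1)
                            if (m := SECRET_RE.search(line))]
            except OSError:
                continue  # unreadable by the auditing account
            if hits:
                mode = stat.S_IMODE(st.st_mode)
                findings.append({"path": path, "mode": oct(mode), "hits": hits,
                                 "exposed": bool(mode & (stat.S_IRGRP | stat.S_IROTH))})
    return findings

def demo():
    """Run the audit over constructed sample logs in a temporary directory."""
    samples = {
        "app.log": (0o644, "service started\nlogin password=Example123!\n"),
        "install.log": (0o600, "auth token: abc123\n"),
        "clean.log": (0o644, "user=admin login ok\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (mode, text) in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit_log_dir(root)

if __name__ == "__main__":
    for f in demo():
        print(f["mode"], "EXPOSED" if f["exposed"] else "owner-only", f["path"], f["hits"])
```

Findings marked exposed are the ones to prioritize: tighten their permissions and rotate any credential that was written to them.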