CVE-2024-28969

4.3 MEDIUM

📋 TL;DR

Dell Secure Connect Gateway (SCG) versions before 5.24.00.00 have an improper access control vulnerability in an internal update REST API. A remote low-privileged attacker could exploit this to execute admin-only API calls, potentially accessing restricted resources. Only systems with the vulnerable API enabled by an admin are affected.

💻 Affected Systems

Products:
  • Dell Secure Connect Gateway (SCG)
Versions: All versions prior to 5.24.00.00
Operating Systems: Appliance-specific OS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the internal update REST API has been enabled by an admin user from the UI.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized access to sensitive backend database resources, potentially including configuration data, credentials, or other restricted information.

🟠 Likely Case

Low-privileged users gaining access to admin-level API functions, potentially modifying settings or accessing data they shouldn't.

🟢 If Mitigated

No impact if the vulnerable internal update API is disabled or proper access controls are implemented.

🌐 Internet-Facing: MEDIUM - If SCG is exposed to the internet and the vulnerable API is enabled, remote exploitation is possible.
🏢 Internal Only: MEDIUM - Internal attackers with low privileges could exploit this if they have network access to SCG.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged access and the vulnerable API to be enabled. No authentication bypass needed beyond existing low privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.24.00.00

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities

Restart Required: Yes

Instructions:

1. Download SCG version 5.24.00.00 from Dell support.
2. Back up the current configuration.
3. Apply the update following Dell's upgrade procedures.
4. Restart the SCG appliance.

🔧 Temporary Workarounds

Disable vulnerable internal update API

all

Disable the internal update REST API through the SCG admin UI if not required.

🧯 If You Can't Patch

  • Ensure the internal update REST API is disabled in SCG admin UI
  • Restrict network access to SCG management interfaces to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check the SCG version via the admin UI or CLI. If the version is below 5.24.00.00 and the internal update API is enabled, the system is vulnerable.

Check Version:

Check via SCG admin UI under System Information or use appliance-specific CLI commands.

Verify Fix Applied:

Confirm SCG version is 5.24.00.00 or higher via admin UI or CLI.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized API calls to internal update endpoints from low-privileged users
  • Access denied errors followed by successful admin API calls

Network Indicators:

  • Unusual REST API traffic to SCG internal update endpoints from non-admin sources

SIEM Query:

source="dell-scg" AND (event_type="api_call" AND api_endpoint="*internal/update*" AND user_role="low_privilege")
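
The two log indicators above can be correlated per user to separate blocked attempts from a denial followed by a successful call. The following Python is an added example, not Dell's code or part of the original advisory; it assumes JSON-line events using the field names from the SIEM query plus hypothetical `ts`, `user` and `status` fields, an assumed role value of `admin`, and constructed endpoint paths.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line. event_type, api_endpoint
# and user_role come from the SIEM query above; ts, user, status, the "admin"
# role value and the endpoint paths are assumptions, not a documented SCG schema.
SAMPLE_LOG = """
{"ts": "2024-06-01T10:00:00", "user": "alice", "user_role": "admin", "event_type": "api_call", "api_endpoint": "/example/internal/update/a", "status": 200}
{"ts": "2024-06-01T10:05:00", "user": "bob", "user_role": "low_privilege", "event_type": "api_call", "api_endpoint": "/example/internal/update/a", "status": 403}
{"ts": "2024-06-01T10:06:30", "user": "bob", "user_role": "low_privilege", "event_type": "api_call", "api_endpoint": "/example/internal/update/b", "status": 200}
{"ts": "2024-06-01T11:00:00", "user": "carol", "user_role": "low_privilege", "event_type": "api_call", "api_endpoint": "/example/devices", "status": 200}
{"ts": "2024-06-01T12:00:00", "user": "dave", "user_role": "low_privilege", "event_type": "api_call", "api_endpoint": "/example/internal/update/a", "status": 403}
not-json line from a truncated write
"""

DEFAULT_WINDOW = timedelta(minutes=10)

def parse_events(text):
    """Parse JSON lines in time order, skipping blank or malformed records."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
        except (ValueError, KeyError, TypeError):
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def detect(events, window=DEFAULT_WINDOW):
    """Return (severity, user, endpoint) for non-admin internal-update calls."""
    last_denied = {}  # user -> time of most recent denied internal-update call
    alerts = []
    for ev in events:
        endpoint = str(ev.get("api_endpoint", ""))
        if (ev.get("event_type") != "api_call" or "internal/update" not in endpoint
                or ev.get("user_role") == "admin"):
            continue
        user, status = ev.get("user"), ev.get("status")
        if status in (401, 403):  # blocked attempt: access control held
            last_denied[user] = ev["ts"]
            alerts.append(("low", user, endpoint))
        elif isinstance(status, int) and 200 <= status < 300:
            recent = user in last_denied and ev["ts"] - last_denied[user] <= window
            alerts.append(("high" if recent else "medium", user, endpoint))
    return alerts

if __name__ == "__main__":
    print(*detect(parse_events(SAMPLE_LOG)), sep="\n")
```

Map the field names and status values to whatever your SCG log source actually emits before using the severities for alerting.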
