CVE-2024-47240 – Dell Secure Connect Gateway 5.24 has incorrect ... (How to Fix)

Q: What is the severity of CVE-2024-47240?

CVE-2024-47240 has a CVSS score of 5.5 (MEDIUM). Dell Secure Connect Gateway 5.24 has incorrect default file permissions that allow local low-privileged attackers to access the file system. This could enable unauthorized data modification and potentially disrupt version updates. Only organizations running Dell SCG version 5.24 are affected.

📋 TL;DR

Dell Secure Connect Gateway 5.24 has incorrect default file permissions that allow local low-privileged attackers to access the file system. This could enable unauthorized data modification and potentially disrupt version updates. Only organizations running Dell SCG version 5.24 are affected.

💻 Affected Systems

Products:

Dell Secure Connect Gateway

Versions: 5.24

Operating Systems: Not OS-specific - affects SCG appliance

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Dell SCG appliances running version 5.24. Requires local access to the system.

📦 What is this software?

Secure Connect Gateway by Dell

View all CVEs affecting Secure Connect Gateway →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains write access to sensitive system files, potentially leading to privilege escalation, data corruption, or complete system compromise.

🟠

Likely Case

Local user modifies configuration files or application data, causing service disruption or version update failures.

🟢

If Mitigated

Limited impact with proper access controls and monitoring in place, potentially only causing minor service interruptions.

🌐 Internet-Facing: LOW - This is a local privilege vulnerability requiring local access to the system.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to disrupt services or modify data.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access with low privileges. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 5.25 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the latest SCG update from Dell Support. 2. Backup current configuration. 3. Apply the update through the SCG web interface. 4. Restart the SCG appliance as prompted.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit physical and remote local access to SCG appliances to authorized administrators only.

File Permission Hardening

linux

Manually review and tighten file permissions on critical SCG directories and files.

chmod 750 /opt/dell/scg/*
chown root:root /opt/dell/scg/*

🧯 If You Can't Patch

Implement strict access controls to limit who can log into SCG appliances locally
Enable detailed file system auditing and monitor for unauthorized file access attempts

🔍 How to Verify

Check if Vulnerable:

Check SCG version via web interface: Admin > About, or run: cat /opt/dell/scg/version.txt

Check Version:

cat /opt/dell/scg/version.txt

Verify Fix Applied:

Confirm version is 5.25 or later and verify file permissions on critical directories are properly restricted

📡 Detection & Monitoring

Log Indicators:

Unauthorized file access attempts in system logs
Failed update processes
Permission denied errors from non-admin users

Network Indicators:

Unusual local login patterns to SCG management interface

SIEM Query:

source="scg_logs" AND (event="file_access" OR event="permission_error") AND user!="admin"

📊 Metadata

CVE ID: CVE-2024-47240

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE: CWE-276

Published: October 18, 2024

Last Updated: October 22, 2024

🔗 References

https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47240, you might also want to check these: