ByteOS Network

Vulnerability Details :

CVE-2024-24903

Assigner-dell

Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe

Published At-01 Mar, 2024 | 13:30

Updated At-05 Aug, 2024 | 18:42

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:dell

Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe

Published At:01 Mar, 2024 | 13:30

Updated At:05 Aug, 2024 | 18:42

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Dell Inc.

Product

Secure Connect Gateway (SCG) Policy Manager

Default Status

unaffected

Versions

Affected

From 5.10 through 5.20.00.16 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-640	CWE-640: Weak Password Recovery Mechanism for Forgotten Password

Type: CWE

CWE ID: CWE-640

Description: CWE-640: Weak Password Recovery Mechanism for Forgotten Password

Metrics

Version	Base score	Base severity	Vector
3.1	8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Credits

finder

kosmosec

References

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities	vendor-advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities	vendor-advisory x_transferred

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Resource:

vendor-advisory

x_transferred

2. CISA ADP Vulnrichment

Affected Products

Vendor

Dell Inc.

Product

secure_connect_gateway_policy_manager

CPEs

cpe:2.3:a:dell:secure_connect_gateway_policy_manager:*:*:*:*:*:*:*:*

Default Status

unaffected

Versions

Affected

From 5.10 through 5.20.00.16 (semver)

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security_alert@emc.com

Published At:01 Mar, 2024 | 14:15

Updated At:20 May, 2025 | 18:56

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	3.1	8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Dell Inc.

>>policy_manager_for_secure_connect_gateway>>Versions from 5.10.00.10(inclusive) to 5.22.00.16(exclusive)

cpe:2.3:a:dell:policy_manager_for_secure_connect_gateway:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-640	Primary	security_alert@emc.com

CWE ID: CWE-640

Type: Primary

Source: security_alert@emc.com

References

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities	security_alert@emc.com	Patch Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Source: security_alert@emc.com

Resource:

Patch

Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Similar CVEs

8Records found

CVE-2021-21505

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8||HIGH

EPSS-5.41% / 90.24%

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-17 Sep, 2024 | 02:16

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges.

Vendor-Dell Inc.

Product-emc_integrated_system_for_microsoft_azure_stack_hub emc_integrated_system_for_microsoft_azure_stack_hub_firmware Dell EMC Integrated System for Microsoft Azure Stack Hub

CWE ID-CWE-255

Not Available

CWE ID-CWE-1188

Initialization of a Resource with an Insecure Default

CVE-2021-36338

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.08% / 22.78%

7 Day CHG~0.00%

Published-21 Jan, 2022 | 20:15

Updated-16 Sep, 2024 | 22:01

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax vasa solutions_enabler_virtual_appliance powermax_os solutions_enabler unisphere_360 Unisphere for PowerMax

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-565

Reliance on Cookies without Validation and Integrity Checking

CVE-2024-25951

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8||HIGH

EPSS-0.93% / 76.31%

7 Day CHG~0.00%

Published-09 Mar, 2024 | 05:56

Updated-31 Jan, 2025 | 16:07

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

Vendor-Dell Inc.

Product-idrac8 Integrated Dell Remote Access Controller 8 integrated_dell_remote_access_controller_8

CWE ID-CWE-1288

Improper Validation of Consistency within Input

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2025-22476

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.5||MEDIUM

EPSS-0.22% / 44.76%

7 Day CHG~0.00%

Published-06 May, 2025 | 16:08

Updated-04 Nov, 2025 | 17:07

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.

Vendor-Dell Inc.

Product-storage_manager Dell Storage Center - Dell Storage Manager

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2022-31233

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.11% / 28.93%

7 Day CHG~0.00%

Published-31 Aug, 2022 | 20:05

Updated-16 Sep, 2024 | 16:37

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax vasa solutions_enabler_virtual_appliance evasa_provider_virtual_appliance powermax_os solutions_enabler unisphere_360 Unisphere for PowerMax

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-669

Incorrect Resource Transfer Between Spheres

CVE-2020-5361

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.05% / 16.22%

7 Day CHG~0.00%

Published-04 Jan, 2021 | 21:15

Updated-16 Sep, 2024 | 23:06

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

Vendor-Dell Inc.

Product-cpg_bios CPG BIOS

CWE ID-CWE-640

Weak Password Recovery Mechanism for Forgotten Password

CVE-2024-22454

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-1.10% / 78.27%

7 Day CHG~0.00%

Published-13 Feb, 2024 | 07:35

Updated-09 May, 2025 | 18:26

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

Vendor-Dell Inc.

Product-powerprotect_data_manager PowerProtect Data Manager

CWE ID-CWE-640

Weak Password Recovery Mechanism for Forgotten Password

CVE-2025-36579

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.01% / 3.67%

7 Day CHG~0.00%

Published-16 Apr, 2026 | 16:05

Updated-17 Apr, 2026 | 15:14

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

Vendor-Dell Inc.

Product-Dell Pro 13 Premium PA13250 Dell Pro Tower Plus QBT1250/Dell Pro Tower QCT1250 Inspiron 3030 Alienware m15 R6 Dell G15 5511 Inspiron 5401 AIO Inspiron 27 7720 All-in-One Inspiron 14 Plus 7430 Alienware m16 R1 Inspiron 15 3520 Dell Pro 16 Plus PB16250 Dell 14 DC14250 Dell Pro Rugged 13 RA13250 Dell G15 5520 Inspiron 3020 Small Desktop Dell Pro 24 All-in-One Plus/Dell Pro 24 All-in-One Dell Pro 16 PC16250 Inspiron 5410 All-in-One ChengMing 3910/3911 Inspiron 16 5640 Inspiron 16 5620 Latitude 3550 Dell Pro 14 PC14250 Inspiron 27 7730 All-in-One Dell Pro 13 Plus PB13250 Inspiron 14 5430 Dell Pro 13 Plus PB13255 Inspiron 16 5630 Dell 16 Premium DA16250 Dell Tower Plus EBT2250 Alienware m18 R1 Dell G16 7620 Dell Pro Max Micro FCM2250 Latitude 3530 Latitude 3410 Dell G5 5000 Dell Pro Max 14 MC14250 Inspiron 16 Plus 7640 Alienware M18 R2 Dell Pro Tower / QCT1255 Latitude 3340 Dell Pro Slim Essential QVS1260 Alienware 16 Area-51 AA16250 Inspiron 16 7640 2-in-1 Latitude 3320 Dell Pro 16 Plus PB16255 Dell Pro 14 Plus PB14250 Dell Pro Max 14 MC14255 Dell G15 5510 Dell G15 5530 Dell 16 DC16250 Inspiron 16 7620 2-in-1 Inspiron 3020 Desktop ChengMing 3990 Dell Pro Rugged 14 RB14250 Latitude 3430 Inspiron 14 7430 2-in-1 Latitude 3140 Dell 16 DC16251 Dell Pro Slim / QCS1255 Dell Pro Max 16 MC16250 Inspiron 16 7630 2-in-1 Inspiron 14 5440 Inspiron 14 Plus 7420 Alienware m16 R2 Inspiron 24 5420 All-in-One Dell 15 DC15250 Inspiron 5510 Latitude 3120 Dell Pro 15 Essential PV15250 Latitude 3140 2in1 Inspiron 13 5320 Latitude 3520 Dell Pro 14 Premium PA14250 Dell Pro Tower Essential QVT1260 Latitude 3330 Inspiron 14 Plus 7440 Dell Pro Max 16 MC16255 Inspiron 7700 All-In-One Alienware Area-51 AAT225 Dell Pro Micro / QCM1255 Latitude 3540 ChengMing 3991 Latitude 3510 ChengMing 3900 Dell Tower ECT1250 Latitude 3450 Dell Pro 14 Plus PB14255 Inspiron 15 3511 Dell Pro Slim Plus QBS1250/Dell Pro Slim QCS1250 Dell G16 7630 Dell Pro Laptop PC14250 Latitude 3440 Inspiron 24 5430 All-in-One Inspiron 3910 Inspiron 7710 All-in-One Inspiron 13 5330 Inspiron 5400/5401 Dell 14 Premium DA14250 Dell Pro Micro/Micro Plus QCM1250/QBM1250 Inspiron 16 7610 Inspiron 3030S Inspiron 14 7440 2-in-1 Dell Pro Laptop PC16250 Alienware m15 R7 Inspiron 14 7420 2-in-1 Alienware 16X Aurora AC16251 Alienware x16 R1 Dell Pro Max Slim FCS1250 Dell Slim ECS1250 Alienware Aurora ACT1250 Alienware x14 R2 Inspiron 16 Plus 7630 Dell Pro Max Tower T2 FCT2250 Alienware 18 Area-51 AA18250 Latitude 3420 Inspiron 14 5420 Dell Pro 14 Essential PV14250 Inspiron 16 Plus 7620 Alienware X16 R2

CWE ID-CWE-640

Weak Password Recovery Mechanism for Forgotten Password

CVE-2024-24903

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs