CVE-2024-22458

{"id": "CVE-2024-22458", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-03-01T11:15:07.910", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext."}, {"lang": "es", "value": "Dell Secure Connect Gateway, versi\u00f3n 5.18, contiene una vulnerabilidad de potencia de cifrado inadecuada. Un atacante de red no autenticado podr\u00eda explotar esta vulnerabilidad, permiti\u00e9ndole recuperar texto plano de un bloque de texto cifrado."}], "lastModified": "2024-12-04T17:19:03.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:secure_connect_gateway:5.18.00.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E10EB5A-FB95-4552-8A4E-5E281B74CD4E"}, {"criteria": "cpe:2.3:a:dell:secure_connect_gateway:5.20.00.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "695282FB-1C4A-4D78-95D4-F3F17E04F1BA"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}