CVE-2024-22457

Name of the Vulnerable Software and Affected Versions Dell Secure Connect Gateway version 5.20

Description The issue is related to an improper authentication vulnerability that occurs during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.

Recommendations For Dell Secure Connect Gateway version 5.20, consider restricting access to the SRS to SCG update path until a patch is available. As a temporary workaround, avoid using self-signed certificates in this update path to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.