CVE-2024-28967

Name of the Vulnerable Software and Affected Versions Dell SCG versions prior to 5.24.00.00

Description The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API. This could allow a remote low privileged attacker to execute certain APIs applicable only for Admin Users on the application's backend database, potentially granting unauthorized access to restricted resources and allowing changes to the state.

Recommendations For versions prior to 5.24.00.00, update to version 5.24.00.00 or later to resolve the issue. As a temporary workaround, consider disabling the internal maintenance REST API until a patch is available. Restrict access to the SCG to minimize the risk of exploitation.