CVE-2023-39252 - OpenCVE

Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Secure Connect Gateway Policy Manager

Configuration 1 [-]

cpe:2.3:a:dell:secure_connect_gateway_policy_manager:5.16.00.14:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-09-21T05:32:07.979Z

Updated: 2024-08-02T18:02:06.888Z

Reserved: 2023-07-26T08:15:44.774Z

Link: CVE-2023-39252

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-21T06:15:12.993

Modified: 2023-09-23T03:43:14.050

Link: CVE-2023-39252

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39252", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-07-26T08:15:44.774Z", "datePublished": "2023-09-21T05:32:07.979Z", "dateUpdated": "2024-08-02T18:02:06.888Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Secure Connect Gateway (SCG) Policy Manager", "vendor": "Dell", "versions": [{"status": "affected", "version": "5.16.00.14"}]}], "datePublic": "2023-09-20T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.</span>\n\n"}], "value": "\nDell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-09-21T05:32:07.979Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.888Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:secure_connect_gateway_policy_manager:5.16.00.14:*:*:*:*:*:*:*", "matchCriteriaId": "13E7FE0D-4D35-4187-8958-2761F93E5CCA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nDell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.\n\n"}, {"lang": "es", "value": "Dell SCG Policy Manager 5.16.00.14 contiene una vulnerabilidad de algoritmo criptogr\u00e1fico roto. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad realizando ataques MitM y permitiendo que los atacantes obtengan informaci\u00f3n sensible.\n"}], "id": "CVE-2023-39252", "lastModified": "2023-09-23T03:43:14.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-09-21T06:15:12.993", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "security_alert@emc.com", "type": "Primary"}]}