DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities
Shrnutí: Dell Secure Connect Gateway (SCG) Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tento článek se vztahuje na
Tento článek se nevztahuje na
Tento článek není vázán na žádný konkrétní produkt.
V tomto článku nejsou uvedeny všechny verze produktu.
Vliv
Critical
Podrobnosti
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
Dotčené produkty a náprava
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
Historie změn
| Revision | Date | Description |
| 1.0 | 2022-11-10 | Initial Release |
| 2.0 | 2024-04-30 | Updated Affected Products and Remediation table: Updated link |
Přijetí
Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
Související informace
Právní upozornění
Dotčené produkty
Secure Connect GatewayVlastnosti článku
Číslo článku: 000204995
Typ článku: Dell Security Advisory
Poslední úprava: 19 zář 2025
Najděte odpovědi na své otázky od ostatních uživatelů společnosti Dell
Služby podpory
Zkontrolujte, zda se na vaše zařízení vztahují služby podpory.