DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities
Oversigt: Dell Secure Connect Gateway (SCG) Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Virkning
Critical
Oplysninger
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
Berørte produkter og udbedring
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
Revisionshistorik
| Revision | Date | Description |
| 1.0 | 2022-11-10 | Initial Release |
| 2.0 | 2024-04-30 | Updated Affected Products and Remediation table: Updated link |
Bekræftelser
Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
Relaterede oplysninger
Ansvarsfraskrivelse
Berørte produkter
Secure Connect GatewayArtikelegenskaber
Artikelnummer: 000204995
Artikeltype: Dell Security Advisory
Senest ændret: 19 sep. 2025
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.