DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities
Zusammenfassung: Dell Secure Connect Gateway (SCG) Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Auswirkungen
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
Betroffene Produkte und Korrektur
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
Revisionsverlauf
| Revision | Date | Description |
| 1.0 | 2022-11-10 | Initial Release |
| 2.0 | 2024-04-30 | Updated Affected Products and Remediation table: Updated link |
Danksagung
Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
Zugehörige Informationen
Rechtlicher Hinweis
Betroffene Produkte
Secure Connect GatewayArtikeleigenschaften
Artikelnummer: 000204995
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 19 Sep. 2025
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.