DSA-2024-253: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities

Zusammenfassung: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Critical

Details

Third-Party Component

 

CVEs

More information

Apache

CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Apache Tomcat 

CVE-2024-23672, CVE-2024-24549
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

Bouncy Castle

CVE-2024-30172
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Cpio

CVE-2023-7207
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Commons Compress

CVE-2024-25710
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Containerd

CVE-2022-1996
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Curl

CVE-2024-2004, CVE-2024-2398
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Docker

CVE-2024-23651, CVE-2024-23652, CVE-2024-23653
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Glibc

CVE-2024-2961
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Less

CVE-2022-48624, CVE-2024-32487

See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

libncurses 

CVE-2023-45918 
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

libssh

CVE-2019-14889, CVE-2020-1730, CVE-2021-3634, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918 
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

libxml2

 

CVE-2024-25062
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

libblkid1

CVE-2024-28085
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Kernel

CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Krb5

CVE-2024-26458, CVE-2024-26461
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

NGHTTP2

CVE-2024-28182
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

Open JDK

CVE-2024-20918, CVE-2024-20919, CVE-2024-20921
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Open SSL

CVE-2024-0727, CVE-2024-2511
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Open SSH

CVE-2023-51385
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Postgresql

CVE-2024-1597
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Shim

CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Spring Framework

CVE-2024-22243, CVE-2024-22259
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Sudo

CVE-2023-42465
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Sysuser-shadow

CVE-2016-9566, CVE-2019-3698

 
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

util-linux

CVE-2024-28085
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

Vim

CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

CVEs 

Addressed 

Product 

Affected Versions 

Updated Version 

Link to Update 

CVE-2016-9566, CVE-2019-3698, CVE-2019-14889, CVE-2020-1730, CVE-2021-3634, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918, CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2022-1996, CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551, CVE-2022-48624, CVE-2024-32487, CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667, CVE-2023-7207, CVE-2023-38709, CVE-2024-24795, CVE-2024-27316, CVE-2023-42465, CVE-2023-45918, CVE-2023-51385, CVE-2024-0727, CVE-2024-2511, CVE-2024-1597, CVE-2024-2004, CVE-2024-2398, CVE-2024-2961, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-22243, CVE-2024-22259, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-23672, CVE-2024-24549, CVE-2024-25062, CVE-2024-25710, CVE-2024-26458, CVE-2024-26461, CVE-2024-28085, CVE-2024-28085, CVE-2024-28182, CVE-2024-30172

Dell Secure Connect Gateway  

Version 5.22.00.18 

Version 5.24.00.14 or later 

https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

CVEs 

Addressed 

Product 

Affected Versions 

Updated Version 

Link to Update 

CVE-2016-9566, CVE-2019-3698, CVE-2019-14889, CVE-2020-1730, CVE-2021-3634, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918, CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2022-1996, CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551, CVE-2022-48624, CVE-2024-32487, CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667, CVE-2023-7207, CVE-2023-38709, CVE-2024-24795, CVE-2024-27316, CVE-2023-42465, CVE-2023-45918, CVE-2023-51385, CVE-2024-0727, CVE-2024-2511, CVE-2024-1597, CVE-2024-2004, CVE-2024-2398, CVE-2024-2961, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-22243, CVE-2024-22259, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-23672, CVE-2024-24549, CVE-2024-25062, CVE-2024-25710, CVE-2024-26458, CVE-2024-26461, CVE-2024-28085, CVE-2024-28085, CVE-2024-28182, CVE-2024-30172

Dell Secure Connect Gateway  

Version 5.22.00.18 

Version 5.24.00.14 or later 

https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

Workarounds und Korrekturmaßnahmen

None

Revisionsverlauf

RevisionDateDescription
1.02024-06-11Initial Release
2.02024-06-12Updated table links
3.02024-06-12Updated wording for the versions affected
4.02024-09-13Removed CVE-2023-51767

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

Secure Connect Gateway, Secure Connect Gateway
Artikeleigenschaften
Artikelnummer: 000225991
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 13 Sept. 2024
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.