DSA-2025-104: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Zusammenfassung: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Critical

Details

Third-Party Component

CVEs More information
Commons-net CVE-2021-37533 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Glibc CVE-2025-0395 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Grub2 CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118, CVE-2025-1125 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
HttpClient CVE-2020-13956 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel

CVE-2021-47163, CVE-2021-47416, CVE-2021-47612, CVE-2022-48788, CVE-2022-48789, CVE-2022-48790, CVE-2022-48809, CVE-2022-48946, CVE-2022-48949, CVE-2022-48951, CVE-2022-48956, CVE-2022-48958, CVE-2022-48960, CVE-2022-48962, CVE-2022-48966, CVE-2022-48967, CVE-2022-48969, CVE-2022-48971, CVE-2022-48972, CVE-2022-48973, CVE-2024-11187, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12133, CVE-2024-12747, CVE-2024-26644, CVE-2024-26801, CVE-2024-26804, CVE-2024-26852, CVE-2024-26976, CVE-2024-27043, CVE-2024-35847, CVE-2024-36484, CVE-2024-36883, CVE-2024-38538, CVE-2024-38589, CVE-2024-39476, CVE-2024-40965, CVE-2024-41013, CVE-2024-41082, CVE-2024-42114, CVE-2024-42131, CVE-2024-42253, CVE-2024-43374, CVE-2024-44931, CVE-2024-44958, CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-45783, CVE-2024-46724, CVE-2024-46755, CVE-2024-46802, CVE-2024-46809, CVE-2024-46813, CVE-2024-46816, CVE-2024-46818, CVE-2024-46826, CVE-2024-46834, CVE-2024-46840, CVE-2024-46841, CVE-2024-46848, CVE-2024-47141, CVE-2024-47220, CVE-2024-47666, CVE-2024-47670, CVE-2024-47672, CVE-2024-47673, CVE-2024-47674, CVE-2024-47678, CVE-2024-47679, CVE-2024-47684, CVE-2024-47685, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47706, CVE-2024-47707, CVE-2024-47709, CVE-2024-47713, CVE-2024-47735, CVE-2024-47737, CVE-2024-47742, CVE-2024-47745, CVE-2024-47749, CVE-2024-47809, CVE-2024-47814, CVE-2024-48881, CVE-2024-49851, CVE-2024-49860, CVE-2024-49877, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49890, CVE-2024-49891, CVE-2024-49894, CVE-2024-49896, CVE-2024-49901, CVE-2024-49920, CVE-2024-49929, CVE-2024-49936, CVE-2024-49944, CVE-2024-49948, CVE-2024-49949, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49962, CVE-2024-49965, CVE-2024-49966, CVE-2024-49967, CVE-2024-49982, CVE-2024-49991, CVE-2024-49995, CVE-2024-49996, CVE-2024-50006, CVE-2024-50007, CVE-2024-50024, CVE-2024-50033, CVE-2024-50035, CVE-2024-50039, CVE-2024-50045, CVE-2024-50047, CVE-2024-50058, CVE-2024-50099, CVE-2024-50142, CVE-2024-50143, CVE-2024-50151, CVE-2024-50166, CVE-2024-50179, CVE-2024-50194, CVE-2024-50199, CVE-2024-50210, CVE-2024-50211, CVE-2024-50228, CVE-2024-50256, CVE-2024-50262, CVE-2024-50280, CVE-2024-50287, CVE-2024-50299, CVE-2024-52332, CVE-2024-52533, CVE-2024-53057, CVE-2024-53101, CVE-2024-53112, CVE-2024-53136, CVE-2024-53141, CVE-2024-53142, CVE-2024-53144, CVE-2024-53146, CVE-2024-53150, CVE-2024-53155, CVE-2024-53156, CVE-2024-53157, CVE-2024-53172, CVE-2024-53173, CVE-2024-53179, CVE-2024-53185, CVE-2024-53197, CVE-2024-53198, CVE-2024-53210, CVE-2024-53214, CVE-2024-53224, CVE-2024-53227, CVE-2024-53239, CVE-2024-53240, CVE-2024-55916, CVE-2024-56369, CVE-2024-56531, CVE-2024-56532, CVE-2024-56533, CVE-2024-56539, CVE-2024-56548, CVE-2024-56551, CVE-2024-56569, CVE-2024-56570, CVE-2024-56574, CVE-2024-56587, CVE-2024-56593, CVE-2024-56594, CVE-2024-56599, CVE-2024-5660, CVE-2024-56600, CVE-2024-56601, CVE-2024-56603, CVE-2024-56604, CVE-2024-56605, CVE-2024-56606, CVE-2024-56615, CVE-2024-56616,, CVE-2024-56623, CVE-2024-56630, CVE-2024-56631, CVE-2024-56637, CVE-2024-56641, CVE-2024-56642, CVE-2024-56643, CVE-2024-56650, CVE-2024-56661, CVE-2024-56662, CVE-2024-56664, CVE-2024-56681, CVE-2024-56700, CVE-2024-56704, CVE-2024-56722, CVE-2024-56724, CVE-2024-56737, CVE-2024-56739, CVE-2024-56747, CVE-2024-56748, CVE-2024-56756, CVE-2024-56759, CVE-2024-56763, CVE-2024-56769, CVE-2024-57791, CVE-2024-57849, CVE-2024-57884, CVE-2024-57887, CVE-2024-57888, CVE-2024-57890, CVE-2024-57892, CVE-2024-57893, CVE-2024-57896, CVE-2024-57899, CVE-2024-57903, CVE-2024-57922, CVE-2024-57929, CVE-2024-57931, CVE-2024-57932, CVE-2024-57938, CVE-2024-8805, CVE-2024-9681 CVE-2024-26886, CVE-2024-27051, CVE-2024-35937, CVE-2024-36886, CVE-2024-36905, CVE-2024-42098, CVE-2024-42229, CVE-2024-44995, CVE-2024-45016, CVE-2024-46771, CVE-2024-46777, CVE-2024-46800, CVE-2024-47660, CVE-2024-47701, CVE-2024-49858, CVE-2024-49868, CVE-2024-49921, CVE-2024-49925, CVE-2024-49938, CVE-2024-49945, CVE-2024-49950, CVE-2024-49952, CVE-2024-50044, CVE-2024-50055, CVE-2024-50073, CVE-2024-50074, CVE-2024-50095, CVE-2024-50115, CVE-2024-50117, CVE-2024-50125, CVE-2024-50135, CVE-2024-50148, CVE-2024-50150, CVE-2024-50154, CVE-2024-50167, CVE-2024-50171, CVE-2024-50183, CVE-2024-50187, CVE-2024-50195, CVE-2024-50218, CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50264, CVE-2024-50265, CVE-2024-50267, CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50289, CVE-2024-50290, CVE-2024-50296, CVE-2024-50301, CVE-2024-50302, CVE-2024-53058, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53085, CVE-2024-53088, CVE-2024-53104, CVE-2024-53114 CVE-2025-21653, CVE-2025-21664,  CVE-2025-21678, CVE-2025-21682

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Libcurl

CVE-2023-38545, CVE-2025-0167, CVE-2025-0725

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Logback-classic

CVE-2024-12798

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Logback-core

CVE-2024-12798

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Netty

CVE-2024-29025, CVE-2024-47535, CVE-2025-24970

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH

CVE-2025-26465

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL

CVE-2021-3712, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0286, CVE-2023-0215, CVE-2024-5535 

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
spring-context

CVE-2024-38820

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
spring-core

CVE-2024-38820

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
spring-security-web

CVE-2024-38821

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
spring-web

CVE-2024-22262

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Spring-webmvc

CVE-2024-38819, CVE-2024-38820

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies. 
Tomcat-embed-core

CVE-2024-50379, CVE-2024-56337

 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-23382
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.		 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26475 Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active. 5.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-23382
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.		 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26475 Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active. 5.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Product Affected Versions Updated Version Link to Update
Dell Secure Connect Gateway - Appliance Versions prior to 5.28.00.14 Version 5.28.00.14 or later https://www.dell.com/support/product-details/product/secure-connect-gateway-ve/drivers

 

Product Affected Versions Updated Version Link to Update
Dell Secure Connect Gateway - Appliance Versions prior to 5.28.00.14 Version 5.28.00.14 or later https://www.dell.com/support/product-details/product/secure-connect-gateway-ve/drivers

 

Revisionsverlauf

RevisionDateDescription
1.02025-03-04Initial Release
2.02025-03-04Corrected the CVE score URL
3.02025-03-19Updated the CVE description for CVE-2025-26475
4.02025-03-19Updated for enhanced presentation with no changes to the content
5.02025-04-24Removed CVE-2024-13176 from the DSA
6.02025-07-08Updated the category section
7.02025-07-23Updated the category section

 

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual Edition
Artikeleigenschaften
Artikelnummer: 000291028
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 23 Juli 2025
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.