Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000214205


DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Summary: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-party Component CVEs More information
Apache CVE-2021-37533, CVE-2022-40146, CVE-2023-25690, CVE-2023-27522, CVE-2022-42252, CVE-2023-24998, CVE-2023-28708 https://nvd.nist.gov/vuln/detail/CVE-2021-37533This hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-40146.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-25690.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27522.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-42252.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-24998.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-28708This hyperlink is taking you to a website outside of Dell Technologies.
WoodStox CVE-2022-40152 https://www.suse.com/security/cve/CVE-2022-40152.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Json CVE-2023-1370, CVE-2022-45688 https://nvd.nist.gov/vuln/detail/CVE-2023-1370This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-45688This hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538 https://www.suse.com/security/cve/CVE-2023-27533.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27534.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27535.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27536.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27538.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 https://www.suse.com/security/cve/CVE-2022-21619.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21624.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21626.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21628.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Jettison CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 https://www.suse.com/security/cve/CVE-2022-40149.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-40150.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-45685.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-45693.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-1436.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2017-5754, CVE-2021-4203, CVE-2022-2991, CVE-2022-4129, CVE-2022-4662, CVE-2022-36280, CVE-2022-38096, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-23559, CVE-2023-26545 https://www.suse.com/security/cve/CVE-2017-5754.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-4203.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-2991.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-4129.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-4662.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-36280.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38096.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-47929.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0045.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0266.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0590.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0597.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-1118.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-23559.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-26545.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libbind9-161 CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 https://www.suse.com/security/cve/CVE-2022-2795.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38177.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38178.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Openssl CVE-2022-4450, CVE-2023-0215, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 https://www.suse.com/security/cve/CVE-2022-4450.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0215.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0464.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0465.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0466.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2022-45061, CVE-2023-24329 https://www.suse.com/security/cve/CVE-2022-45061.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-24329.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Springframework CVE-2022-22950, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863, CVE-2023-20873 https://nvd.nist.gov/vuln/detail/CVE-2022-22950This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-22970This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-22971This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20861This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20863This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20873This hyperlink is taking you to a website outside of Dell Technologies.
TAR CVE-2022-48303 https://www.suse.com/security/cve/CVE-2022-48303.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://www.suse.com/security/cve/CVE-2022-25147.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libpcre2-8-0 CVE-2022-1587 https://www.suse.com/security/cve/CVE-2022-1587.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libX11 CVE-2022-3555 https://www.suse.com/security/cve/CVE-2022-3555.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt1 CVE-2021-30560 https://www.suse.com/security/cve/CVE-2021-30560.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
TCL suse-su-20223653-1 https://www.suse.com/pt-br/support/update/announcement/2022/suse-su-20223653-1/This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-28043 Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-28043 Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Remediated Versions Link
Dell Secure Connect Gateway Version 5.14.00.16 Version 5.16 https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
 
Product Affected Versions Remediated Versions Link
Dell Secure Connect Gateway Version 5.14.00.16 Version 5.16 https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
 

Revision History

RevisionDateDescription
1.02023-05-31Initial Release
2.02023-06-19Updated Proprietary code CVE score and CVSS Vector String
3.02023-09-01Updated for enhanced presentation with no changes to content. Added external link icons.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Secure Connect Gateway, Secure Connect Gateway - Virtual Edition

Last Published Date

01 Sept 2023

Version

5

Article Type

Dell Security Advisory