DSA-2024-253: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-Party Component

 

CVEs

More information

Apache

CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Apache Tomcat 

CVE-2024-23672, CVE-2024-24549
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

Bouncy Castle

CVE-2024-30172
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Cpio

CVE-2023-7207
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Commons Compress

CVE-2024-25710
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Containerd

CVE-2022-1996
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Curl

CVE-2024-2004, CVE-2024-2398
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Docker

CVE-2024-23651, CVE-2024-23652, CVE-2024-23653
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Glibc

CVE-2024-2961
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Less

CVE-2022-48624, CVE-2024-32487

See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

libncurses 

CVE-2023-45918 
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

libssh

CVE-2019-14889, CVE-2020-1730, CVE-2021-3634, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918 
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

libxml2

 

CVE-2024-25062
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

libblkid1

CVE-2024-28085
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Kernel

CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Krb5

CVE-2024-26458, CVE-2024-26461
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

NGHTTP2

CVE-2024-28182
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

Open JDK

CVE-2024-20918, CVE-2024-20919, CVE-2024-20921
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Open SSL

CVE-2024-0727, CVE-2024-2511
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Open SSH

CVE-2023-51385
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Postgresql

CVE-2024-1597
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Shim

CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Spring Framework

CVE-2024-22243, CVE-2024-22259
See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Sudo

CVE-2023-42465
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Sysuser-shadow

CVE-2016-9566, CVE-2019-3698

 
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

util-linux

CVE-2024-28085
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

Vim

CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667
See SUSE link below for individual scores for each CVE.

https://www.suse.com/security/cve/
This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs 

Addressed 

Product 

Affected Versions 

Updated Version 

Link to Update 

CVE-2016-9566, CVE-2019-3698, CVE-2019-14889, CVE-2020-1730, CVE-2021-3634, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918, CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2022-1996, CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551, CVE-2022-48624, CVE-2024-32487, CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667, CVE-2023-7207, CVE-2023-38709, CVE-2024-24795, CVE-2024-27316, CVE-2023-42465, CVE-2023-45918, CVE-2023-51385, CVE-2024-0727, CVE-2024-2511, CVE-2024-1597, CVE-2024-2004, CVE-2024-2398, CVE-2024-2961, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-22243, CVE-2024-22259, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-23672, CVE-2024-24549, CVE-2024-25062, CVE-2024-25710, CVE-2024-26458, CVE-2024-26461, CVE-2024-28085, CVE-2024-28085, CVE-2024-28182, CVE-2024-30172

Dell Secure Connect Gateway  

Version 5.22.00.18 

Version 5.24.00.14 or later 

https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

CVEs 

Addressed 

Product 

Affected Versions 

Updated Version 

Link to Update 

CVE-2016-9566, CVE-2019-3698, CVE-2019-14889, CVE-2020-1730, CVE-2021-3634, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918, CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2022-1996, CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551, CVE-2022-48624, CVE-2024-32487, CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667, CVE-2023-7207, CVE-2023-38709, CVE-2024-24795, CVE-2024-27316, CVE-2023-42465, CVE-2023-45918, CVE-2023-51385, CVE-2024-0727, CVE-2024-2511, CVE-2024-1597, CVE-2024-2004, CVE-2024-2398, CVE-2024-2961, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-22243, CVE-2024-22259, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-23672, CVE-2024-24549, CVE-2024-25062, CVE-2024-25710, CVE-2024-26458, CVE-2024-26461, CVE-2024-28085, CVE-2024-28085, CVE-2024-28182, CVE-2024-30172

Dell Secure Connect Gateway  

Version 5.22.00.18 

Version 5.24.00.14 or later 

https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

Workarounds & Mitigations

None

Revision History

RevisionDateDescription
1.02024-06-11Initial Release
2.02024-06-12Updated table links
3.02024-06-12Updated wording for the versions affected
4.02024-09-13Removed CVE-2023-51767

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Secure Connect Gateway, Secure Connect Gateway
Article Properties
Article Number: 000225991
Article Type: Dell Security Advisory
Last Modified: 13 Sept 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.