Skip to main content
Sign Out
Welcome to Dell
My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us
Your Dell.com Carts

Article Number: 000204995

DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities

Summary: Dell Secure Connect Gateway (SCG) Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Proprietary Code CVEs   Description   CVSS Base Score   CVSS Vector String   
CVE-2022-34440 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34441
 		 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.0 HIGH
 		 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34442 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. 8.0 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34462 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVEs More information
SUSE Enterprise 12 SP5 CVE-2022-1292 
 		 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
 
SUSE Enterprise 12 SP5 CVE-2022-2068
 
org.yaml.snakeyaml CVE-2022-38752
 
com.fasterxml.jackson CVE-2022-42003
 
CVE-2022-42004
 
Proprietary Code CVEs   Description   CVSS Base Score   CVSS Vector String   
CVE-2022-34440 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34441
 		 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.0 HIGH
 		 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34442 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. 8.0 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34462 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVEs More information
SUSE Enterprise 12 SP5 CVE-2022-1292 
 		 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
 
SUSE Enterprise 12 SP5 CVE-2022-2068
 
org.yaml.snakeyaml CVE-2022-38752
 
com.fasterxml.jackson CVE-2022-42003
 
CVE-2022-42004
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Version Updated Version Link to Update
CVE-2022-1292  Dell SCG Policy Manager 5.12.00.00 5.14.00.00 SCG PM Download Page
CVE-2022-2068
CVE-2022-34440
CVE-2022-34441
CVE-2022-34442
CVE-2022-34462
CVE-2022-42003
CVE-2022-42004
CVEs Addressed Product Affected Version Updated Version Link to Update
CVE-2022-1292  Dell SCG Policy Manager 5.12.00.00 5.14.00.00 SCG PM Download Page
CVE-2022-2068
CVE-2022-34440
CVE-2022-34441
CVE-2022-34442
CVE-2022-34462
CVE-2022-42003
CVE-2022-42004

Acknowledgements

Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
 

Revision History

RevisionDateDescription
1.02022-11-10Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Secure Connect Gateway

Last Published Date

10 Nov 2022

Version

2

Article Type

Dell Security Advisory

Back to Top