Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Premier Sign In Dell Financial Services Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities

Summary: Dell Secure Connect Gateway (SCG) Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Proprietary Code CVEs   Description   CVSS Base Score   CVSS Vector String   
CVE-2022-34440 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34441
 		 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.0 HIGH
 		 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34442 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. 8.0 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34462 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVEs More information
SUSE Enterprise 12 SP5 CVE-2022-1292 
 		 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
 
SUSE Enterprise 12 SP5 CVE-2022-2068
 
org.yaml.snakeyaml CVE-2022-38752
 
com.fasterxml.jackson CVE-2022-42003
 
CVE-2022-42004
 
Proprietary Code CVEs   Description   CVSS Base Score   CVSS Vector String   
CVE-2022-34440 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34441
 		 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.0 HIGH
 		 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34442 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. 8.0 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVE-2022-34462 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-Party Component
 		 CVEs More information
SUSE Enterprise 12 SP5 CVE-2022-1292 
 		 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
 
SUSE Enterprise 12 SP5 CVE-2022-2068
 
org.yaml.snakeyaml CVE-2022-38752
 
com.fasterxml.jackson CVE-2022-42003
 
CVE-2022-42004
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Version Updated Version Link to Update
CVE-2022-1292  Dell SCG Policy Manager 5.12.00.00 5.14.00.00 Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US
CVE-2022-2068
CVE-2022-34440
CVE-2022-34441
CVE-2022-34442
CVE-2022-34462
CVE-2022-42003
CVE-2022-42004
CVEs Addressed Product Affected Version Updated Version Link to Update
CVE-2022-1292  Dell SCG Policy Manager 5.12.00.00 5.14.00.00 Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US
CVE-2022-2068
CVE-2022-34440
CVE-2022-34441
CVE-2022-34442
CVE-2022-34462
CVE-2022-42003
CVE-2022-42004

Revision History

RevisionDateDescription
1.02022-11-10Initial Release
2.02024-04-30Updated Affected Products and Remediation table: Updated link 

Acknowledgements

Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Secure Connect Gateway
Article Properties
Article Number: 000204995
Article Type: Dell Security Advisory
Last Modified: 30 Apr 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.