DSA-2024-076: Security Update for Dell Secure Connect Gateway Appliance Vulnerabilities

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell Secure Connect Gateway Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-Party Component	CVEs	More information
Apache Tomcat	CVE-2023-46589, CVE-2023-44487, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Antisamy	CVE-2023-43643	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Exim	CVE-2021-38371, CVE-2022-37452, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-51766	See SUSE link below for each CVE. https://www.suse.com
GCC	CVE-2023-4039	See SUSE link below for each CVE. https://www.suse.com
Jackson-databind	CVE-2023-35116	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Json	CVE-2023-5072	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Kernel	CVE-2023-5717	See SUSE link below for each CVE. https://www.suse.com
Libxml2	CVE-2023-45322	See SUSE link below for each CVE https://www.suse.com
Logback	CVE-2023-6378, CVE-2023-6481	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Netty	CVE-2023-44487	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
OpenSSH	CVE-2023-48795	See SUSE link below for each CVE. https://www.suse.com
OpenSSL	CVE-2023-5678, CVE-2023-2650	See SUSE link below for each CVE. https://www.suse.com
Plexus-Utils	CVE-2022-4244, CVE-2022-4245	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
PostgreSQL	CVE-2023-2454, CVE-2023-2455, CVE-2023-5870, CVE-2023-5869, CVE-2023-5868	See SUSE link below for each CVE. https://www.suse.com
Runc	CVE-2024-21626	See SUSE link below for each CVE. https://www.suse.com
Snakeyaml	CVE-2022-1471	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Springboot-starter	CVE-2023-34055	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Sqlite	CVE-2023-2137	See SUSE link below for each CVE. https://www.suse.com
Vim	CVE-2023-5535	See SUSE link below for each CVE. https://www.suse.com
Xmlsec	CVE-2023-44483	See NVD link below for individual scores for each CVE. https://nvd.nist.gov

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-22457	Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.	7.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2024-22458	Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.	3.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-22457	Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.	7.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2024-22458	Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.	3.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458	Dell Secure Connect Gateway	Version 5.20.00.10	Version 5.22.00.18	https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458	Dell Secure Connect Gateway	Version 5.20.00.10	Version 5.22.00.18	https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

Workarounds & Mitigations

None

Revision History

Revision	Date	Description
1.0	2024-02-29	Initial Release
2.0	2024-02-29	Added CVE-2024-22457 and CVE-2024-22458 to Affected Products and Remediation Table

Related Information

Legal Disclaimer

Affected Products

Secure Connect Gateway, Secure Connect Gateway

Article Number: 000222433

Article Type: Dell Security Advisory

Last Modified: 29 Feb 2024

Check if your device is covered by Support Services.

DSA-2024-076: Security Update for Dell Secure Connect Gateway Appliance Vulnerabilities

Summary: Dell Secure Connect Gateway Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services