Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000222433


DSA-2024-076: Security Update for Dell Secure Connect Gateway Appliance Vulnerabilities

Summary: Dell Secure Connect Gateway Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-Party Component
 
CVEs More information
Apache Tomcat CVE-2023-46589, CVE-2023-44487, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648
 
See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Antisamy CVE-2023-43643 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Exim CVE-2021-38371, CVE-2022-37452, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-51766 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
GCC CVE-2023-4039 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Jackson-databind CVE-2023-35116 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Json CVE-2023-5072 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2023-5717 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Libxml2 CVE-2023-45322 See SUSE link below for each CVE
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Logback CVE-2023-6378, CVE-2023-6481
 
See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Netty CVE-2023-44487 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2023-48795 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-5678, CVE-2023-2650 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Plexus-Utils CVE-2022-4244, CVE-2022-4245 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL CVE-2023-2454, CVE-2023-2455, CVE-2023-5870, CVE-2023-5869, CVE-2023-5868 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Runc CVE-2024-21626 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Snakeyaml CVE-2022-1471 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Springboot-starter CVE-2023-34055 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Sqlite CVE-2023-2137 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Vim CVE-2023-5535 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Xmlsec CVE-2023-44483 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-22457 Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-22458 Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-22457 Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-22458 Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs
Addressed
Product Affected Versions Updated Version Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458 Dell Secure Connect Gateway Version 5.20.00.10 Version 5.22.00.18 https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers
 
CVEs
Addressed
Product Affected Versions Updated Version Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458 Dell Secure Connect Gateway Version 5.20.00.10 Version 5.22.00.18 https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers
 

Workarounds and Mitigations

None

Revision History

RevisionDateDescription
1.02024-02-29Initial Release
2.02024-02-29 Added CVE-2024-22457 and CVE-2024-22458 to Affected Products and Remediation Table

Related Information


Article Properties


Affected Product

Secure Connect Gateway, Secure Connect Gateway

Last Published Date

29 Feb 2024

Version

3

Article Type

Dell Security Advisory