Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2024-407: Dell Secure Connect Gateway Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

Critical

Details

Third-Party Component CVEs More information
Bcprov-jdk15on: 1.54 CVE-2016-1000338, CVE-2016-1000340, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000352, CVE-2018-1000180, CVE-2020-26939 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Bcprov-jdk18on CVE-2024-30172 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
BIND 9 CVE-2024-1737, CVE-2024-1975 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2024-2004, CVE-2024-2398 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Docker CVE-2024-41110 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2020-26558, CVE-2021-0129, CVE-2021-46933, CVE-2021-46955, CVE-2021-47074, CVE-2021-47113, CVE-2021-47131, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47191, CVE-2021-47194, CVE-2021-47197, CVE-2021-47206, CVE-2021-47219, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47295, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47388, CVE-2021-47391, CVE-2021-47395, CVE-2021-47397, CVE-2021-47399, CVE-2021-47400, CVE-2021-47401, CVE-2021-47403, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47438, CVE-2021-47441, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47468, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47501, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47516, CVE-2021-47523, CVE-2021-47541, CVE-2021-47542, CVE-2021-47548, CVE-2021-47559, CVE-2021-47565, CVE-2021-47580, CVE-2021-47582, CVE-2021-47588, CVE-2021-47597, CVE-2021-47599, CVE-2021-47606, CVE-2021-47619, CVE-2022-2964, CVE-2022-20368, CVE-2022-48636, CVE-2022-48650, CVE-2022-48672, CVE-2022-48686, CVE-2022-48697, CVE-2022-48702, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2022-48775, CVE-2022-48792, CVE-2022-48794, CVE-2022-48804, CVE-2022-48805, CVE-2022-48810, CVE-2022-48811, CVE-2022-48823, CVE-2022-48826, CVE-2022-48827, CVE-2022-48828, CVE-2022-48829, CVE-2022-48836, CVE-2022-48839, CVE-2022-48850, CVE-2022-48855, CVE-2022-48857, CVE-2022-48860, CVE-2022-48863, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52435, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52594, CVE-2023-52612, CVE-2023-52615, CVE-2023-52619, CVE-2023-52623, CVE-2023-52646, CVE-2023-52653, CVE-2023-52655, CVE-2023-52664, CVE-2023-52669, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52743, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2023-52885, CVE-2024-0639, CVE-2024-26615, CVE-2024-26625, CVE-2024-26659, CVE-2024-26663, CVE-2024-26735, CVE-2024-26739, CVE-2024-26752, CVE-2024-26775, CVE-2024-26791, CVE-2024-26828, CVE-2024-26830, CVE-2024-26846, CVE-2024-26874, CVE-2024-26876, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26920, CVE-2024-26921, CVE-2024-26924, CVE-2024-26929, CVE-2024-26930, CVE-2024-26931, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27008, CVE-2024-27019, CVE-2024-27020, CVE-2024-27025, CVE-2024-27054, CVE-2024-27059, CVE-2024-27062, CVE-2024-27388, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-27437, CVE-2024-35789, CVE-2024-35791, CVE-2024-35806, CVE-2024-35809, CVE-2024-35811, CVE-2024-35819, CVE-2024-35830, CVE-2024-35837, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35887, CVE-2024-35893, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35934, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35949, CVE-2024-35955, CVE-2024-35966, CVE-2024-35967, CVE-2024-35969, CVE-2024-35978, CVE-2024-35982, CVE-2024-35995, CVE-2024-36004, CVE-2024-36015, CVE-2024-36029, CVE-2024-36288, CVE-2024-36592, CVE-2024-36901, CVE-2024-36902, CVE-2024-36919, CVE-2024-36924, CVE-2024-36939, CVE-2024-36952, CVE-2024-36954, CVE-2024-38558, CVE-2024-38560, CVE-2024-38630, CVE-2024-39487, CVE-2024-39488, CVE-2024-39490, CVE-2024-39494, CVE-2024-39499, CVE-2024-39501, CVE-2024-39506, CVE-2024-39507, CVE-2024-39509, CVE-2024-40901, CVE-2024-40904, CVE-2024-40912, CVE-2024-40923, CVE-2024-40929, CVE-2024-40932, CVE-2024-40937, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943, CVE-2024-40953, CVE-2024-40959, CVE-2024-40966, CVE-2024-40967, CVE-2024-40978, CVE-2024-40982, CVE-2024-40987, CVE-2024-40988, CVE-2024-40990, CVE-2024-40995, CVE-2024-40998, CVE-2024-40999, CVE-2024-41014, CVE-2024-41015, CVE-2024-41016, CVE-2024-41044, CVE-2024-41048, CVE-2024-41059, CVE-2024-41060, CVE-2024-41063, CVE-2024-41064, CVE-2024-41066, CVE-2024-41070, CVE-2024-41071, CVE-2024-41072, CVE-2024-41078, CVE-2024-41081, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091, CVE-2024-41095, CVE-2024-42070, CVE-2024-42093, CVE-2024-42096, CVE-2024-42119, CVE-2024-42120, CVE-2024-42124, CVE-2024-42145, CVE-2024-42223, CVE-2024-42224 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Krb5 CVE-2024-37370, CVE-2024-37371 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Libxml CVE-2024-34459 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
OpenJdk CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20925, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Openssl CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2024-0397, CVE-2024-4032 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Spring-webmvc CVE-2024-38816 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Tomcat-embed-core CVE-2024-34750 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
unixODBC CVE-2024-1013 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Wget CVE-2024-38428 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Zypper CVE-2017-9271 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.
Exim through 4.97.1 CVE-2024-39929 See SUSE link below for individual scores for each CVE.
https://www.suse.com/security/cve/ This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-47240 Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-47241
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.
5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-48016

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. 

4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-47240 Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-47241
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.
5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-48016

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. 

4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link
Dell Secure Connect Gateway Version 5.24.00.14 Version 5.26.00.18 or later https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
Product Affected Versions Updated Versions Link
Dell Secure Connect Gateway Version 5.24.00.14 Version 5.26.00.18 or later https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers

Revision History

RevisionDateDescription
1.02024-10-17Initial Release
2.02024-10-18Updated the CVE description for CVE-2024-48016 and CVE-2024-47241
3.02024-11-05Added CVE-2024-39929

Related Information

Affected Products

Secure Connect Gateway - Virtual Edition
Article Properties
Article Number: 000237211
Article Type: Dell Security Advisory
Last Modified: 05 Nov 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.