DSA-2023-321: Security Update for Dell Secure Connect Gateway Security Policy Manager Vulnerabilities
Resumen: Dell Secure Connect Gateway Policy Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
High
Detalles
| Third-party Component | CVEs | More Information |
|---|---|---|
| Spring Boot | CVE-2023-20883 | See NVD for individual scores for each CVE http://nvd.nist.gov/  |
| Apache Tomcat | CVE-2023-34981 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Google Guava | CVE-2023-2976 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Bouncy Castle | CVE-2023-33201 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Azul Systems JRE 1.8 | CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968 |
See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| VMWare Tools | CVE-2023-20867 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Corrección y productos afectados
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-20867, CVE-2023-20883, CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968, CVE-2023-2976, CVE-2023-33201, CVE-2023-34981, CVE-2023-39252 |
SCG Policy Manager | Version 5.16.00.14 | Version 5.18.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-20867, CVE-2023-20883, CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968, CVE-2023-2976, CVE-2023-33201, CVE-2023-34981, CVE-2023-39252 |
SCG Policy Manager | Version 5.16.00.14 | Version 5.18.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads |
Historial de revisiones
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-09-20 | Initial Release |
| 2.0 | 2023-09-21 | Updating for enhanced presentation with no changes to content |
| 3.0 | 2023-10-04 | Updated hyperlinks in Affected Products and Remediation section. |
Información relacionada
Descargo de responsabilidad
Productos afectados
Secure Connect Gateway, Secure Connect GatewayPropiedades del artículo
Número del artículo: 000217683
Tipo de artículo: Dell Security Advisory
Última modificación: 04 oct 2023
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.