DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities
Summary: Dell Secure Connect Gateway (SCG) Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Password vulnerability. An attacker with knowledge of the hard-coded credentials could potentially exploit this vulnerability to log in to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

| Third-Party Component | CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 | |
| org.yaml.snakeyaml | CVE-2022-38752 | |
| com.fasterxml.jackson | CVE-2022-42003 | |
| com.fasterxml.jackson | CVE-2022-42004 | |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292, CVE-2022-2068, CVE-2022-34440, CVE-2022-34441, CVE-2022-34442, CVE-2022-34462, CVE-2022-42003, CVE-2022-42004 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition \| Drivers & Downloads \| Dell US |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-11-10 | Initial Release |
| 2.0 | 2024-04-30 | Updated Affected Products and Remediation table: Updated link |
Acknowledgements
Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
Affected Products
Secure Connect Gateway
Article Properties
Article Number: 000204995
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025