DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Samenvatting: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Impact

Critical

Gegevens

Third-party Component CVEs More information
Apache CVE-2021-37533, CVE-2022-40146, CVE-2023-25690, CVE-2023-27522, CVE-2022-42252, CVE-2023-24998, CVE-2023-28708 https://nvd.nist.gov/vuln/detail/CVE-2021-37533This hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-40146.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-25690.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27522.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-42252.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-24998.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-28708This hyperlink is taking you to a website outside of Dell Technologies.
WoodStox CVE-2022-40152 https://www.suse.com/security/cve/CVE-2022-40152.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Json CVE-2023-1370, CVE-2022-45688 https://nvd.nist.gov/vuln/detail/CVE-2023-1370This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-45688This hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538 https://www.suse.com/security/cve/CVE-2023-27533.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27534.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27535.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27536.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27538.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 https://www.suse.com/security/cve/CVE-2022-21619.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21624.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21626.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21628.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Jettison CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 https://www.suse.com/security/cve/CVE-2022-40149.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-40150.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-45685.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-45693.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-1436.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2017-5754, CVE-2021-4203, CVE-2022-2991, CVE-2022-4129, CVE-2022-4662, CVE-2022-36280, CVE-2022-38096, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-23559, CVE-2023-26545 https://www.suse.com/security/cve/CVE-2017-5754.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-4203.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-2991.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-4129.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-4662.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-36280.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38096.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-47929.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0045.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0266.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0590.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0597.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-1118.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-23559.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-26545.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libbind9-161 CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 https://www.suse.com/security/cve/CVE-2022-2795.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38177.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38178.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Openssl CVE-2022-4450, CVE-2023-0215, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 https://www.suse.com/security/cve/CVE-2022-4450.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0215.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0464.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0465.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0466.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2022-45061, CVE-2023-24329 https://www.suse.com/security/cve/CVE-2022-45061.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-24329.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Springframework CVE-2022-22950, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863, CVE-2023-20873 https://nvd.nist.gov/vuln/detail/CVE-2022-22950This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-22970This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-22971This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20861This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20863This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20873This hyperlink is taking you to a website outside of Dell Technologies.
TAR CVE-2022-48303 https://www.suse.com/security/cve/CVE-2022-48303.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://www.suse.com/security/cve/CVE-2022-25147.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libpcre2-8-0 CVE-2022-1587 https://www.suse.com/security/cve/CVE-2022-1587.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libX11 CVE-2022-3555 https://www.suse.com/security/cve/CVE-2022-3555.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt1 CVE-2021-30560 https://www.suse.com/security/cve/CVE-2021-30560.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
TCL suse-su-20223653-1 https://www.suse.com/pt-br/support/update/announcement/2022/suse-su-20223653-1/This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-28043 Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-28043 Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Remediated Versions Link
Dell Secure Connect Gateway Version 5.14.00.16 Version 5.16 https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
 
Product Affected Versions Remediated Versions Link
Dell Secure Connect Gateway Version 5.14.00.16 Version 5.16 https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
 

Revisiegeschiedenis

RevisionDateDescription
1.02023-05-31Initial Release
2.02023-06-19Updated Proprietary code CVE score and CVSS Vector String
3.02023-09-01Updated for enhanced presentation with no changes to content. Added external link icons.

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische verklaring van afstand

Getroffen producten

Secure Connect Gateway, Secure Connect Gateway - Virtual Edition
Artikeleigenschappen
Artikelnummer: 000214205
Artikeltype: Dell Security Advisory
Laatst aangepast: 19 sep. 2025
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.