DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities
Podsumowanie: Dell Secure Connect Gateway (SCG) Policy Manager contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Ten artykuł dotyczy
Ten artykuł nie dotyczy
Ten artykuł nie jest powiązany z żadnym konkretnym produktem.
Nie wszystkie wersje produktu zostały zidentyfikowane w tym artykule.
Skutki
Critical
Szczegóły
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34440 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34441 |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.0 HIGH |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | 8.0 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| CVE-2022-34462 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 8.4 HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Third-Party Component |
CVEs | More information |
| SUSE Enterprise 12 SP5 | CVE-2022-1292 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE |
| SUSE Enterprise 12 SP5 | CVE-2022-2068 |
|
| org.yaml.snakeyaml | CVE-2022-38752 |
|
| com.fasterxml.jackson | CVE-2022-42003 |
|
| CVE-2022-42004 |
Produkty, których dotyczy problem, i środki zaradcze
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
| CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
| CVE-2022-1292 | Dell SCG Policy Manager | 5.12.00.00 | 5.14.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads | Dell US |
| CVE-2022-2068 | ||||
| CVE-2022-34440 | ||||
| CVE-2022-34441 | ||||
| CVE-2022-34442 | ||||
| CVE-2022-34462 | ||||
| CVE-2022-42003 | ||||
| CVE-2022-42004 |
Historia zmian
| Revision | Date | Description |
| 1.0 | 2022-11-10 | Initial Release |
| 2.0 | 2024-04-30 | Updated Affected Products and Remediation table: Updated link |
Podziękowania
Dell would like to thank Matei "Mal" Badanoiu and sradulea for reporting CVE-2022-34440, CVE-2022-34441, CVE-2022-34442 and CVE-2022-34462.
Powiązane informacje
Zastrzeżenie prawne
Produkty, których dotyczy problem
Secure Connect GatewayWłaściwości artykułu
Numer artykułu: 000204995
Typ artykułu: Dell Security Advisory
Ostatnia modyfikacja: 19 wrz 2025
Znajdź odpowiedzi na swoje pytania u innych użytkowników produktów Dell
Usługi pomocy technicznej
Sprawdź, czy Twoje urządzenie jest objęte usługą pomocy technicznej.