DSA-2024-076: Security Update for Dell Secure Connect Gateway Appliance Vulnerabilities

Obsah

Podrobný článok

Dosah

Podrobnosti

Dotknuté produkty a riešenie problému

Alternatívne riešenia a zmiernenia

História revízií

Súvisiace informácie

Legal Disclaimer

Dotknuté produkty

Poskytnutie spätnej väzby

Zhrnutie: Dell Secure Connect Gateway Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Tento článok sa vzťahuje na Tento článok sa nevzťahuje na Tento článok nie je viazaný na žiadny konkrétny produkt. V tomto článku nie sú uvedené všetky verzie produktov.

Pozrite si ďalšie zdroje

Dosah

Critical

Podrobnosti

Third-Party Component	CVEs	More information
Apache Tomcat	CVE-2023-46589, CVE-2023-44487, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Antisamy	CVE-2023-43643	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Exim	CVE-2021-38371, CVE-2022-37452, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-51766	See SUSE link below for each CVE. https://www.suse.com
GCC	CVE-2023-4039	See SUSE link below for each CVE. https://www.suse.com
Jackson-databind	CVE-2023-35116	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Json	CVE-2023-5072	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Kernel	CVE-2023-5717	See SUSE link below for each CVE. https://www.suse.com
Libxml2	CVE-2023-45322	See SUSE link below for each CVE https://www.suse.com
Logback	CVE-2023-6378, CVE-2023-6481	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Netty	CVE-2023-44487	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
OpenSSH	CVE-2023-48795	See SUSE link below for each CVE. https://www.suse.com
OpenSSL	CVE-2023-5678, CVE-2023-2650	See SUSE link below for each CVE. https://www.suse.com
Plexus-Utils	CVE-2022-4244, CVE-2022-4245	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
PostgreSQL	CVE-2023-2454, CVE-2023-2455, CVE-2023-5870, CVE-2023-5869, CVE-2023-5868	See SUSE link below for each CVE. https://www.suse.com
Runc	CVE-2024-21626	See SUSE link below for each CVE. https://www.suse.com
Snakeyaml	CVE-2022-1471	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Springboot-starter	CVE-2023-34055	See NVD link below for individual scores for each CVE. https://nvd.nist.gov
Sqlite	CVE-2023-2137	See SUSE link below for each CVE. https://www.suse.com
Vim	CVE-2023-5535	See SUSE link below for each CVE. https://www.suse.com
Xmlsec	CVE-2023-44483	See NVD link below for individual scores for each CVE. https://nvd.nist.gov

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-22457	Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.	7.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2024-22458	Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.	3.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-22457	Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.	7.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2024-22458	Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.	3.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Dell Technologies odporúča všetkým svojim zákazníkom, aby sa riadili nielen základným skóre CVSS, ale aj prechodným skóre a skóre závažnosti v konkrétnych prostrediach, na základe ktorého môžu vyhodnotiť celkové riziko vo vlastnom prostredí.

Dotknuté produkty a riešenie problému

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458	Dell Secure Connect Gateway	Version 5.20.00.10	Version 5.22.00.18	https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

CVEs Addressed	Product	Affected Versions	Updated Version	Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458	Dell Secure Connect Gateway	Version 5.20.00.10	Version 5.22.00.18	https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers

Alternatívne riešenia a zmiernenia

None

História revízií

Revision	Date	Description
1.0	2024-02-29	Initial Release
2.0	2024-02-29	Added CVE-2024-22457 and CVE-2024-22458 to Affected Products and Remediation Table

Súvisiace informácie

Legal Disclaimer

Dotknuté produkty

Secure Connect Gateway, Secure Connect Gateway

Číslo článku: 000222433

Typ článku: Dell Security Advisory

Dátum poslednej úpravy: 29 feb 2024

Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.

DSA-2024-076: Security Update for Dell Secure Connect Gateway Appliance Vulnerabilities

Zhrnutie: Dell Secure Connect Gateway Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dosah

Podrobnosti

Dotknuté produkty a riešenie problému

Alternatívne riešenia a zmiernenia

História revízií

Súvisiace informácie

Legal Disclaimer

Dotknuté produkty

Vlastnosti článku

Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell

Služby podpory

Vlastnosti článku

Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell

Služby podpory