DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

摘要: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

影響

Critical

詳細資料

Third-party Component CVEs More information
Apache CVE-2021-37533, CVE-2022-40146, CVE-2023-25690, CVE-2023-27522, CVE-2022-42252, CVE-2023-24998, CVE-2023-28708 https://nvd.nist.gov/vuln/detail/CVE-2021-37533This hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-40146.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-25690.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27522.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-42252.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-24998.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-28708This hyperlink is taking you to a website outside of Dell Technologies.
WoodStox CVE-2022-40152 https://www.suse.com/security/cve/CVE-2022-40152.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Json CVE-2023-1370, CVE-2022-45688 https://nvd.nist.gov/vuln/detail/CVE-2023-1370This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-45688This hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538 https://www.suse.com/security/cve/CVE-2023-27533.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27534.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27535.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27536.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-27538.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628 https://www.suse.com/security/cve/CVE-2022-21619.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21624.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21626.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-21628.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Jettison CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2022-45693, CVE-2023-1436 https://www.suse.com/security/cve/CVE-2022-40149.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-40150.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-45685.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-45693.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-1436.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2017-5754, CVE-2021-4203, CVE-2022-2991, CVE-2022-4129, CVE-2022-4662, CVE-2022-36280, CVE-2022-38096, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-23559, CVE-2023-26545 https://www.suse.com/security/cve/CVE-2017-5754.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2021-4203.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-2991.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-4129.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-4662.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-36280.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38096.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-47929.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0045.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0266.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0590.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0597.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-1118.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-23559.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-26545.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libbind9-161 CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 https://www.suse.com/security/cve/CVE-2022-2795.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38177.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2022-38178.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Openssl CVE-2022-4450, CVE-2023-0215, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 https://www.suse.com/security/cve/CVE-2022-4450.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0215.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0464.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0465.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-0466.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2022-45061, CVE-2023-24329 https://www.suse.com/security/cve/CVE-2022-45061.htmlThis hyperlink is taking you to a website outside of Dell Technologies., https://www.suse.com/security/cve/CVE-2023-24329.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
Springframework CVE-2022-22950, CVE-2022-22970, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863, CVE-2023-20873 https://nvd.nist.gov/vuln/detail/CVE-2022-22950This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-22970This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2022-22971This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20861This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20863This hyperlink is taking you to a website outside of Dell Technologies., https://nvd.nist.gov/vuln/detail/CVE-2023-20873This hyperlink is taking you to a website outside of Dell Technologies.
TAR CVE-2022-48303 https://www.suse.com/security/cve/CVE-2022-48303.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://www.suse.com/security/cve/CVE-2022-25147.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libpcre2-8-0 CVE-2022-1587 https://www.suse.com/security/cve/CVE-2022-1587.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libX11 CVE-2022-3555 https://www.suse.com/security/cve/CVE-2022-3555.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt1 CVE-2021-30560 https://www.suse.com/security/cve/CVE-2021-30560.htmlThis hyperlink is taking you to a website outside of Dell Technologies.
TCL suse-su-20223653-1 https://www.suse.com/pt-br/support/update/announcement/2022/suse-su-20223653-1/This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-28043 Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-28043 Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Product Affected Versions Remediated Versions Link
Dell Secure Connect Gateway Version 5.14.00.16 Version 5.16 https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
 
Product Affected Versions Remediated Versions Link
Dell Secure Connect Gateway Version 5.14.00.16 Version 5.16 https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers
 

修訂歷史記錄

RevisionDateDescription
1.02023-05-31Initial Release
2.02023-06-19Updated Proprietary code CVE score and CVSS Vector String
3.02023-09-01Updated for enhanced presentation with no changes to content. Added external link icons.

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免責聲明

受影響的產品

Secure Connect Gateway, Secure Connect Gateway - Virtual Edition
文章屬性
文章編號: 000214205
文章類型: Dell Security Advisory
上次修改時間: 19 9月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。