Article Number: 000217683
DSA-2023-321: Security Update for Dell Secure Connect Gateway Security Policy Manager Vulnerabilities
Summary: Dell Secure Connect Gateway Policy Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Spring Boot | CVE-2023-20883 | See NVD for individual scores for each CVE http://nvd.nist.gov/  |
| Apache Tomcat | CVE-2023-34981 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Google Guava | CVE-2023-2976 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Bouncy Castle | CVE-2023-33201 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Azul Systems JRE 1.8 | CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968 |
See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| VMWare Tools | CVE-2023-20867 | See NVD for individual scores for each CVE http://nvd.nist.gov/ |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-20867, CVE-2023-20883, CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968, CVE-2023-2976, CVE-2023-33201, CVE-2023-34981, CVE-2023-39252 |
SCG Policy Manager | Version 5.16.00.14 | Version 5.18.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-20867, CVE-2023-20883, CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21937, CVE-2023-21938, CVE-2023-21968, CVE-2023-2976, CVE-2023-33201, CVE-2023-34981, CVE-2023-39252 |
SCG Policy Manager | Version 5.16.00.14 | Version 5.18.00.00 | Support for Secure Connect Gateway - Virtual Edition | Drivers & Downloads |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-09-20 | Initial Release |
| 2.0 | 2023-09-21 | Updating for enhanced presentation with no changes to content |
| 3.0 | 2023-10-04 | Updated hyperlinks in Affected Products and Remediation section. |
Related Information
Legal Information
Article Properties
Affected Product
Secure Connect Gateway, Secure Connect Gateway
Last Published Date
04 Oct 2023
Article Type
Dell Security Advisory