Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000222433

DSA-2024-076: Security Update for Dell Secure Connect Gateway Appliance Vulnerabilities

Summary: Dell Secure Connect Gateway Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-Party Component
 		 CVEs More information
Apache Tomcat CVE-2023-46589, CVE-2023-44487, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648
 		 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Antisamy CVE-2023-43643 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Exim CVE-2021-38371, CVE-2022-37452, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-51766 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
GCC CVE-2023-4039 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Jackson-databind CVE-2023-35116 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Json CVE-2023-5072 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2023-5717 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Libxml2 CVE-2023-45322 See SUSE link below for each CVE
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Logback CVE-2023-6378, CVE-2023-6481
 		 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Netty CVE-2023-44487 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2023-48795 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-5678, CVE-2023-2650 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Plexus-Utils CVE-2022-4244, CVE-2022-4245 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL CVE-2023-2454, CVE-2023-2455, CVE-2023-5870, CVE-2023-5869, CVE-2023-5868 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Runc CVE-2024-21626 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Snakeyaml CVE-2022-1471 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Springboot-starter CVE-2023-34055 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Sqlite CVE-2023-2137 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Vim CVE-2023-5535 See SUSE link below for each CVE.
https://www.suse.com This hyperlink is taking you to a website outside of Dell Technologies.
Xmlsec CVE-2023-44483 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-22457 Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-22458 Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-22457 Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-22458 Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs
Addressed		 Product Affected Versions Updated Version Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458 Dell Secure Connect Gateway Version 5.20.00.10 Version 5.22.00.18 https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers
 
CVEs
Addressed		 Product Affected Versions Updated Version Link to Update
CVE-2021-38371, CVE-2022-1471, CVE-2022-37452, CVE-2022-4244, CVE-2022-4245, CVE-2023-44487, CVE-2023-48795, CVE-2023-5072, CVE-2023-51766, CVE-2023-5678, CVE-2023-2650, CVE-2023-5868, CVE-2023-5870, CVE-2023-5869, CVE-2023-6378, CVE-2023-6481, CVE-2023-2454, CVE-2023-2455, CVE-2023-45322, CVE-2023-34055, CVE-2023-4039, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2023-5717, CVE-2023-2137, CVE-2023-43643, CVE-2023-35116, CVE-2023-44483, CVE-2023-42114, CVE-2023-42115, CVE-2023-42116, CVE-2023-42117, CVE-2023-42118, CVE-2023-42119, CVE-2023-5535, CVE-2024-21626, CVE-2024-22457, CVE-2024-22458 Dell Secure Connect Gateway Version 5.20.00.10 Version 5.22.00.18 https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers
 

Workarounds and Mitigations

None

Revision History

RevisionDateDescription
1.02024-02-29Initial Release
2.02024-02-29 Added CVE-2024-22457 and CVE-2024-22458 to Affected Products and Remediation Table

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Secure Connect Gateway, Secure Connect Gateway

Last Published Date

29 Feb 2024

Article Type

Dell Security Advisory

Back to Top