Sradulea

**Name of the Vulnerable Software and Affected Versions** Dell EMC SCG Policy Manager versions 5.10 through 5.12 **Description** The issue is related to a Hard-coded Cryptographic Key, which could allow an attacker with knowledge of the hard-coded sensitive information to potentially exploit this vulnerability and gain admin privileges by logging into the system. An attacker could exploit this to elevate their privileges. **Recommendations** For Dell EMC SCG Policy Manager versions 5.10 through 5.12, consider restricting access to sensitive areas of the system until a fix is available, and avoid using the hard-coded cryptographic key in any authentication processes. As a temporary workaround, consider disabling any features that rely on the hard-coded key to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell EMC SCG Policy Manager versions 5.10 through 5.12 **Description** The issue is related to the use of a hard-coded cryptographic key in the Policy Manager software of Dell Secure Connect Gateway (SCG). An attacker with knowledge of the hard-coded sensitive information could potentially exploit this to login to the system and gain LDAP user privileges. **Recommendations** For versions 5.10 through 5.12, consider disabling access to sensitive areas of the system until a patch is available to prevent potential privilege escalation. As a temporary workaround, restrict access to the system to minimize the risk of exploitation until the issue is resolved. Avoid using the system for sensitive operations until the hard-coded cryptographic key vulnerability is fixed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell EMC SCG Policy Manager versions 5.10 through 5.12 **Description** The issue is related to a hard-coded password vulnerability. An attacker with knowledge of the hard-coded credentials could exploit this to login to the system and gain admin privileges. The vulnerability is also associated with the use of a hard-coded cryptographic key, which could allow an attacker to elevate their privileges. **Recommendations** For versions 5.10 through 5.12, consider disabling the use of hard-coded credentials as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using the hard-coded cryptographic key in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.