PT-2022-6358 · Dell Emc · Dell Emc Scg Policy Manager

Published: 2022-11-10 · Updated: 2023-01-25 · CVE-2022-34442

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC SCG Policy Manager versions 5.10 through 5.12

Description

The issue is related to the use of a hard-coded cryptographic key in the Policy Manager software of Dell Secure Connect Gateway (SCG). An attacker with knowledge of the hard-coded sensitive information could potentially exploit this to log in to the system and gain LDAP user privileges.

Recommendations

For versions 5.10 through 5.12, consider disabling access to sensitive areas of the system until a patch is available to prevent potential privilege escalation. As a temporary workaround, restrict access to the system to minimize the risk of exploitation until the issue is resolved. Avoid using the system for sensitive operations until the hard-coded cryptographic key vulnerability is fixed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2023-01020
CVE-2022-34442

Affected Products

Dell Emc Scg Policy Manager