Dell Warns of Multiple Secure Connect Gateway Vulnerabilities Let Compromise System
Dell Technologies has issued a critical security advisory warning customers about multiple vulnerabilities in its Secure Connect Gateway (SCG) product that could potentially lead to system compromise.
The vulnerabilities affect versions prior to 5.28.00.14 and require immediate attention from system administrators.
According to Dell’s advisory, two newly identified vulnerabilities specific to Dell’s proprietary code include:
CVE-2025-23382: Sensitive Information Exposure
This vulnerability (CVSS 4.7) allows high-privileged attackers with remote access to expose sensitive system information through improper access controls in the SCG’s SRS component.
Specifically affecting versions prior to 5.28.00.14, it enables unauthorized parties to access:
- System configuration details
- Security parameters
- Operational metadata
The attack surface is limited to authenticated users with elevated privileges, but successful exploitation could provide reconnaissance data for further attacks.
| Risk Factors | Details |
| Affected Products | Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS(Versions prior to 5.28.00.14) |
| Impact | Sensitive system information |
| Exploit Prerequisites | High-privileged attacker Remote access to SCG |
| CVSS 3.1 Score | 4.7 |
CVE-2025-26475: Live-Restore Configuration Vulnerability
Rated (CVSS 5.5), this flaw stems from improper validation of the container Live-Restore feature in SCG version 5.26. While designed to maintain container operations during daemon restarts, the implementation introduces:
- Potential security control bypasses
- Increased attack surface during maintenance windows
- Risk of accidental misconfigurations
Attackers could exploit this through phishing or UI redressing attacks to manipulate container persistence settings, potentially bypassing security measures during system updates.
| Risk Factors | Details |
| Affected Products | Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS(Versions prior to 5.28.00.14) |
| Impact | Security control bypass |
| Exploit Prerequisites | Low-privileged attacker, User interaction, Network access |
| CVSS 3.1 Score | 5.5 |
Mitigations
These vulnerabilities represent significant security risks for organizations utilizing Dell Secure Connect Gateway in their infrastructure. It is strongly recommended for all customers to apply the available updates immediately.
Dell has released version 5.28.00.14 to address these vulnerabilities. Administrators are advised to:
- Immediately update Dell Secure Connect Gateway Appliances to version 5.28.00.14 or later.
- Download the update from: https://www.dell.com/support/product-details/product/secure-connect-gateway-ve/drivers.
- Implement recommended security best practices, including network segmentation and the principle of least privilege.
For organizations unable to update immediately, Dell recommends monitoring systems for suspicious activity and implementing temporary mitigations where possible.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Source link
