Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000181115

DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities

Summary: Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite remediations are available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

Critical

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4
CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4

Workarounds and Mitigations

Workarounds or mitigation may exist based on individual use case and usage of the product. Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities, including possible workaround or mitigations.

Revision History

RevisionDateDescription
1.02019-09-11Initial revision.
2.02022-07-06Details provided.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information

Last Published Date

06 Jul 2022

Article Type

Dell Security Advisory

Back to Top