跳至主要內容
登出

歡迎來到 Dell

我的帳戶
  • 簡單快速地下訂單
  • 檢視訂單及追蹤商品運送狀態
  • 建立並存取您的產品清單
  • 使用「公司管理」來管理您的 Dell EMC 網站、產品和產品層級連絡人。
登入 建立帳戶 Premier 登入 合作夥伴計畫登入
與我們連絡

您的 Dell.com 購物車

文章編號: 000181115

DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities

摘要: Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite remediations are available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

文章內容

影響

Critical

詳細資料

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4
CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4

解決方式與緩解措施

Workarounds or mitigation may exist based on individual use case and usage of the product. Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities, including possible workaround or mitigations.

修訂歷史記錄

RevisionDateDescription
1.02019-09-11Initial revision.
2.02022-07-06Details provided.

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律資訊

文章屬性

受影響的產品

BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information

上次發佈日期

06 7月 2022

文章類型

Dell Security Advisory

返回頁首