DSA-2023-120: Dell BSAFE™ Micro Edition Suite Security Update
Zusammenfassung: Dell BSAFE Micro Edition Suite remediation is available to address a vulnerability that could be exploited by malicious users to compromise the affected system.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Auswirkungen
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Betroffene Produkte und Korrektur
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
Note: This vulnerability does not impact BSAFE Crypto-C Micro Edition FIPS Module, but only impacts the SDK. Customers impacted by the BSAFE Crypto-C Micro Edition SDK vulnerability can upgrade to BSAFE Micro Edition Suite as per the announcement at https://www.dell.com/support/kbdoc/000205186
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds und Korrekturmaßnahmen
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-28074 | This issue can be mitigated by a workaround, if customer’s implementations are deemed to be vulnerable. Customers with an active maintenance contract can contact BSAFE Support for details about the workaround. |
Revisionsverlauf
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-13 | Initial release |
| 1.1 | 2023-04-14 | Minor Update |
| 2.0 | 2023-05-03 | Major Update |
| 3.0 | 2023-09-18 | Major Update |
| 4.0 | 2024-07-30 | Public Disclosure of CVE details |
| 5.0 | 2024-08-20 | Revised CVE Description |
Zugehörige Informationen
Rechtlicher Hinweis
Betroffene Produkte
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security InformationArtikeleigenschaften
Artikelnummer: 000212325
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 20 Aug. 2024
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.