DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities

Summary: Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite remediations are available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4
CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4

Workarounds & Mitigations

Workarounds or mitigation may exist based on individual use case and usage of the product. Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities, including possible workaround or mitigations.

Revision History

RevisionDateDescription
1.02019-09-11Initial revision.
2.02022-07-06Details provided.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information
Article Properties
Article Number: 000181115
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.