DSA-2022-023: Dell BSAFE SSL-J 6.4 Security Update for a Single Covert Timing Channel Vulnerability
Summary: Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-24409 | Dell BSAFE SSL-J 6.1.x, 6.2.x and 6.3.x contain a Covert Timing Channel vulnerability. An attacker may potentially exploit this vulnerability to eavesdrop on all encrypted communication, leading to exposure of sensitive data. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-24409 | Dell BSAFE SSL-J 6.1.x, 6.2.x and 6.3.x contain a Covert Timing Channel vulnerability. An attacker may potentially exploit this vulnerability to eavesdrop on all encrypted communication, leading to exposure of sensitive data. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell BSAFE SSL-J | 6.1.x 6.2.x 6.3.x |
6.4 | Contact Dell BSAFE Support at bsafe.support@dell.com, or bsafe.support.japan@dell.com. |
NOTE: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell BSAFE SSL-J | 6.1.x 6.2.x 6.3.x |
6.4 | Contact Dell BSAFE Support at bsafe.support@dell.com, or bsafe.support.japan@dell.com. |
NOTE: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds & Mitigations
Potential workaround(s) can be provided to customers with an active BSAFE maintenance contract by contacting Dell BSAFE Support at bsafe.support@dell.com, or bsafe.support.japan@dell.com.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-02-14 | Initial Release. |
| 1.1 | 2022-03-14 | Added CVE ID and CVSS score to details. |
| 1.2 | 2022-04-19 | Update to CVSS score. |
| 2.0 | 2023-02-17 | Update to CVE description and CVSS vector |
Related Information
Legal Disclaimer
Affected Products
BSAFE SSL-J, Product Security InformationArticle Properties
Article Number: 000196312
Article Type: Dell Security Advisory
Last Modified: 17 Feb 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.