DSA-2023-120: Dell BSAFE™ Micro Edition Suite Security Update
Resumen: Dell BSAFE Micro Edition Suite remediation is available to address a vulnerability that could be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Medium
Detalles
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Corrección y productos afectados
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
Note: This vulnerability does not impact BSAFE Crypto-C Micro Edition FIPS Module, but only impacts the SDK. Customers impacted by the BSAFE Crypto-C Micro Edition SDK vulnerability can upgrade to BSAFE Micro Edition Suite as per the announcement at https://www.dell.com/support/kbdoc/000205186
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Soluciones alternativas y mitigaciones
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-28074 | This issue can be mitigated by a workaround, if customer’s implementations are deemed to be vulnerable. Customers with an active maintenance contract can contact BSAFE Support for details about the workaround. |
Historial de revisiones
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-13 | Initial release |
| 1.1 | 2023-04-14 | Minor Update |
| 2.0 | 2023-05-03 | Major Update |
| 3.0 | 2023-09-18 | Major Update |
| 4.0 | 2024-07-30 | Public Disclosure of CVE details |
| 5.0 | 2024-08-20 | Revised CVE Description |
Información relacionada
Descargo de responsabilidad
Productos afectados
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security InformationPropiedades del artículo
Número del artículo: 000212325
Tipo de artículo: Dell Security Advisory
Última modificación: 20 ago. 2024
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.