DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities
요약: Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite remediations are available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-35169 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. |
9.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29504 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. |
7.4 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29505 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. |
7.1 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| CVE-2020-29506 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
6.8 | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35164 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
6.7 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2021-21575 |
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-29508 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CVE-2020-35163 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-35165 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35166 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35167 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.8 | AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35168 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.7 | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-35169 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. |
9.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29504 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. |
7.4 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29505 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. |
7.1 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| CVE-2020-29506 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
6.8 | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35164 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
6.7 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2021-21575 |
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-29508 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CVE-2020-35163 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-35165 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35166 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35167 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.8 | AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35168 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.7 | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
영향을 받는 제품 및 문제 해결
| CVEs addressed | Product | Affected Versions | Updated Versions |
| CVE-2020-35169 CVE-2020-29504 CVE-2020-29505 CVE-2020-29506 CVE-2021-21575 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.5.2 | 4.5.2 4.6 |
|
| CVE-2020-35164 CVE-2020-29508 CVE-2020-35163 CVE-2020-35165 CVE-2020-35166 CVE-2020-35167 CVE-2020-35168 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.6 | 4.6 | |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.4 | 4.1.4 |
| Dell BSAFE Micro Edition Suite | All versions before 4.4 | 4.4 |
| CVEs addressed | Product | Affected Versions | Updated Versions |
| CVE-2020-35169 CVE-2020-29504 CVE-2020-29505 CVE-2020-29506 CVE-2021-21575 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.5.2 | 4.5.2 4.6 |
|
| CVE-2020-35164 CVE-2020-29508 CVE-2020-35163 CVE-2020-35165 CVE-2020-35166 CVE-2020-35167 CVE-2020-35168 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.6 | 4.6 | |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.4 | 4.1.4 |
| Dell BSAFE Micro Edition Suite | All versions before 4.4 | 4.4 |
해결 방법 및 완화 방안
Workarounds or mitigation may exist based on individual use case and usage of the product. Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities, including possible workaround or mitigations.
개정 내역
| Revision | Date | Description |
| 1.0 | 2019-09-11 | Initial revision. |
| 2.0 | 2022-07-06 | Details provided. |
관련 정보
법적 고지 사항
해당 제품
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information문서 속성
문서 번호: 000181115
문서 유형: Dell Security Advisory
마지막 수정 시간: 19 9월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.