DSA-2023-120: Dell BSAFE™ Micro Edition Suite Security Update
Samenvatting: Dell BSAFE Micro Edition Suite remediation is available to address a vulnerability that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Medium
Gegevens
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Getroffen producten en herstel
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
Note: This vulnerability does not impact BSAFE Crypto-C Micro Edition FIPS Module, but only impacts the SDK. Customers impacted by the BSAFE Crypto-C Micro Edition SDK vulnerability can upgrade to BSAFE Micro Edition Suite as per the announcement at https://www.dell.com/support/kbdoc/000205186
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Tijdelijke oplossingen en risicobeperking
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-28074 | This issue can be mitigated by a workaround, if customer’s implementations are deemed to be vulnerable. Customers with an active maintenance contract can contact BSAFE Support for details about the workaround. |
Revisiegeschiedenis
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-13 | Initial release |
| 1.1 | 2023-04-14 | Minor Update |
| 2.0 | 2023-05-03 | Major Update |
| 3.0 | 2023-09-18 | Major Update |
| 4.0 | 2024-07-30 | Public Disclosure of CVE details |
| 5.0 | 2024-08-20 | Revised CVE Description |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security InformationArtikeleigenschappen
Artikelnummer: 000212325
Artikeltype: Dell Security Advisory
Laatst aangepast: 20 aug. 2024
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.