DSA-2023-120: Dell BSAFE™ Micro Edition Suite Security Update
Сводка: Dell BSAFE Micro Edition Suite remediation is available to address a vulnerability that could be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Medium
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Затронутые продукты и исправление
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
Note: This vulnerability does not impact BSAFE Crypto-C Micro Edition FIPS Module, but only impacts the SDK. Customers impacted by the BSAFE Crypto-C Micro Edition SDK vulnerability can upgrade to BSAFE Micro Edition Suite as per the announcement at https://www.dell.com/support/kbdoc/000205186
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Временные решения и снижение риска
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-28074 | This issue can be mitigated by a workaround, if customer’s implementations are deemed to be vulnerable. Customers with an active maintenance contract can contact BSAFE Support for details about the workaround. |
История изменений
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-13 | Initial release |
| 1.1 | 2023-04-14 | Minor Update |
| 2.0 | 2023-05-03 | Major Update |
| 3.0 | 2023-09-18 | Major Update |
| 4.0 | 2024-07-30 | Public Disclosure of CVE details |
| 5.0 | 2024-08-20 | Revised CVE Description |
Связанная информация
Правовая оговорка
Затронутые продукты
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security InformationСвойства статьи
Номер статьи: 000212325
Тип статьи: Dell Security Advisory
Последнее изменение: 20 Aug 2024
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.