DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities
摘要: Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite remediations are available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Critical
詳細資料
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-35169 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. |
9.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29504 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. |
7.4 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29505 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. |
7.1 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| CVE-2020-29506 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
6.8 | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35164 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
6.7 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2021-21575 |
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-29508 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CVE-2020-35163 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-35165 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35166 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35167 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.8 | AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35168 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.7 | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-35169 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. |
9.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29504 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. |
7.4 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2020-29505 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. |
7.1 | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| CVE-2020-29506 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
6.8 | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35164 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
6.7 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CVE-2021-21575 |
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-29508 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CVE-2020-35163 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. |
5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2020-35165 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35166 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
5.1 | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2020-35167 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.8 | AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| CVE-2020-35168 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. |
4.7 | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
受影響的產品與補救措施
| CVEs addressed | Product | Affected Versions | Updated Versions |
| CVE-2020-35169 CVE-2020-29504 CVE-2020-29505 CVE-2020-29506 CVE-2021-21575 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.5.2 | 4.5.2 4.6 |
|
| CVE-2020-35164 CVE-2020-29508 CVE-2020-35163 CVE-2020-35165 CVE-2020-35166 CVE-2020-35167 CVE-2020-35168 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.6 | 4.6 | |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.4 | 4.1.4 |
| Dell BSAFE Micro Edition Suite | All versions before 4.4 | 4.4 |
| CVEs addressed | Product | Affected Versions | Updated Versions |
| CVE-2020-35169 CVE-2020-29504 CVE-2020-29505 CVE-2020-29506 CVE-2021-21575 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.5.2 | 4.5.2 4.6 |
|
| CVE-2020-35164 CVE-2020-29508 CVE-2020-35163 CVE-2020-35165 CVE-2020-35166 CVE-2020-35167 CVE-2020-35168 |
Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.5 | 4.1.5 |
| Dell BSAFE Micro Edition Suite | All versions before 4.6 | 4.6 | |
| CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition | All versions before 4.1.4 | 4.1.4 |
| Dell BSAFE Micro Edition Suite | All versions before 4.4 | 4.4 |
因應措施與緩解措施
Workarounds or mitigation may exist based on individual use case and usage of the product. Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities, including possible workaround or mitigations.
修訂歷史記錄
| Revision | Date | Description |
| 1.0 | 2019-09-11 | Initial revision. |
| 2.0 | 2022-07-06 | Details provided. |
相關資訊
法律免責聲明
受影響的產品
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information文章屬性
文章編號: 000181115
文章類型: Dell Security Advisory
上次修改時間: 19 9月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。