跳至主要內容
登出

歡迎來到 Dell

我的帳戶
  • 簡單快速地下訂單
  • 檢視訂單及追蹤商品運送狀態
  • 建立並存取您的產品清單
登入 建立帳戶 Premier 登入 合作夥伴計畫登入
與我們連絡

您的 Dell.com 購物車

DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities

摘要: Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite remediations are available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

本文章適用於   本文章不適用於 
查看關於以下產品的資源

影響

Critical

詳細資料

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2020-35169 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Improper Input Validation Vulnerability.		 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29504 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.		 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain a Key Management Error Vulnerability.		 7.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-21575
 		 Dell BSAFE Micro Edition Suite,
versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.		 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite,
versions before 4.4, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29508 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Improper Input Validation Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35163 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.		 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-35165 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.8 AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-35168 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.		 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4
CVEs addressed Product Affected Versions Updated Versions
CVE-2020-35169
CVE-2020-29504
CVE-2020-29505
CVE-2020-29506
CVE-2021-21575		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.5.2 4.5.2
4.6
CVE-2020-35164
CVE-2020-29508
CVE-2020-35163
CVE-2020-35165
CVE-2020-35166
CVE-2020-35167
CVE-2020-35168		 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.5 4.1.5
Dell BSAFE Micro Edition Suite All versions before 4.6 4.6
CVE-2020-29507 Dell BSAFE Crypto-C Micro Edition All versions before 4.1.4 4.1.4
Dell BSAFE Micro Edition Suite All versions before 4.4 4.4

因應措施與緩解措施

Workarounds or mitigation may exist based on individual use case and usage of the product. Only customers with active BSAFE maintenance contracts can receive details about the vulnerabilities, including possible workaround or mitigations.

修訂歷史記錄

RevisionDateDescription
1.02019-09-11Initial revision.
2.02022-07-06Details provided.

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免責聲明

受影響的產品

BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information
文章屬性
文章編號: 000181115
文章類型: Dell Security Advisory
上次修改時間: 06 7月 2022
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。