DSA-2023-120: Dell BSAFE™ Micro Edition Suite Security Update
摘要: Dell BSAFE Micro Edition Suite remediation is available to address a vulnerability that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Medium
詳細資料
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28074 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
受影響的產品與補救措施
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell BSAFE Micro Edition Suite | Version 5.0 | Versions 5.0.1 and 5.0.2.1 | How To Request a Dell BSAFE product download |
| Dell BSAFE Micro Edition Suite | Versions 4.0 through 4.6.1 | Version 4.6.2 | How To Request a Dell BSAFE product download |
| Dell BSAFE Crypto-C Micro Edition | Versions 4.0 through 4.1.5 | Versions MES 4.6.2 and MES 5.0.1 | How To Request a Dell BSAFE product download |
Note: This vulnerability does not impact BSAFE Crypto-C Micro Edition FIPS Module, but only impacts the SDK. Customers impacted by the BSAFE Crypto-C Micro Edition SDK vulnerability can upgrade to BSAFE Micro Edition Suite as per the announcement at https://www.dell.com/support/kbdoc/000205186
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Customers running affected versions per the "Affected Products" table above should upgrade to Micro Edition Suite 5.0.2.1.
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
因應措施與緩解措施
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-28074 | This issue can be mitigated by a workaround, if customer’s implementations are deemed to be vulnerable. Customers with an active maintenance contract can contact BSAFE Support for details about the workaround. |
修訂歷史記錄
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-13 | Initial release |
| 1.1 | 2023-04-14 | Minor Update |
| 2.0 | 2023-05-03 | Major Update |
| 3.0 | 2023-09-18 | Major Update |
| 4.0 | 2024-07-30 | Public Disclosure of CVE details |
| 5.0 | 2024-08-20 | Revised CVE Description |
相關資訊
法律免責聲明
受影響的產品
BSAFE Crypto-C Micro Edition, BSAFE Micro Edition Suite, Product Security Information文章屬性
文章編號: 000212325
文章類型: Dell Security Advisory
上次修改時間: 20 8月 2024
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。