PT-2022-3586 · Dell+1 · Dell Bsafe Crypto-C Micro Edition+2

Felix Wilhelm

Published

2022-07-11

Updated

2022-10-06

CVE-2020-35169

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell BSAFE Crypto-C Micro Edition versions prior to 4.1.5 Dell BSAFE Micro Edition Suite versions prior to 4.5.2

Description The issue is related to improper input validation, which can allow a remote attacker to execute arbitrary code in the context of the current user. This is due to incorrect verification of cryptographic signatures.

Recommendations For Dell BSAFE Crypto-C Micro Edition versions prior to 4.1.5, update to version 4.1.5 or later. For Dell BSAFE Micro Edition Suite versions prior to 4.5.2, update to version 4.5.2 or later.

Fix

Improper Verification of Cryptographic Signature

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347CWE-20

Related Identifiers

BDU:2022-04370

CVE-2020-35169

Affected Products

Dell Bsafe Crypto-C Micro Edition

Dell Bsafe Micro Edition Suite

Oracle Database

PT-2022-3586 · Dell+1 · Dell Bsafe Crypto-C Micro Edition+2

CVE-2020-35169

Weakness Enumeration

Related Identifiers

Affected Products

References · 7