PT-2023-9323 · Dell · Dell Bsafe Crypto-C Micro Edition, Dell Bsafe Micro Edition Suite
Published: 2023-04-13 · Updated: 2024-08-20
CVE-2023-28074
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Dell BSAFE Crypto-C Micro Edition version 4.1.5
Dell BSAFE Micro Edition Suite versions 4.0 through 4.6.1
Dell BSAFE Micro Edition Suite version 5.0
Description
The issue is an out-of-bounds read and an integer overflow when handling field lengths. An unauthenticated attacker with local access could potentially exploit this, leading to information exposure. Exploitation may allow an attacker to compromise the vulnerable system.
Recommendations
For Dell BSAFE Crypto-C Micro Edition version 4.1.5, update to a version that fixes the Out-of-bounds Read vulnerability.
For Dell BSAFE Micro Edition Suite versions 4.0 through 4.6.1, update to a version that fixes the integer overflow and buffer over-read issues.
For Dell BSAFE Micro Edition Suite version 5.0, update to a version that fixes the buffer over-read vulnerability.
As a temporary workaround, consider restricting access to the vulnerable systems to minimize the risk of exploitation.
Fix
Out of bounds Read
Integer Overflow
Affected Products
Dell Bsafe Crypto-C Micro Edition
Dell Bsafe Micro Edition Suite