Observable Timing Discrepancy Vulnerability in Dell BSAFE Micro Edition Suite
CVE-2021-21575

5.9MEDIUM

Key Information:

Vendor: Dell
Status: Bsafe Micro Edition Suite
Vendor: CVE Published:; 2 February 2024

Summary

The BSAFE Micro Edition Suite by Dell exhibits an observable timing discrepancy vulnerability. This issue may allow an attacker to infer information based on the timing variations in responses, potentially compromising sensitive data. Versions prior to 4.5.2 are particularly affected, leading to risks associated with the integrity and confidentiality of sensitive applications that rely on this suite.

Affected Version(s)

BSAFE Micro Edition Suite All versions before 4.5.2

References

https://www.dell.com/support/kbdoc/en-us/000189462/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Jan 4, 2021