Buffer Over-Read Vulnerability in Dell BSAFE Crypto-C Micro Edition and Related Products
CVE-2023-28074

7.1HIGH

Key Information:

Vendor: Dell
Status: Dell Bsafe Micro Edition Suite; Dell Bsafe Crypto-c Micro Edition
Vendor: CVE Published:; 31 July 2024

Summary

A vulnerability exists in the Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and the Dell BSAFE Micro Edition Suite, comprising versions 4.0 to 4.6.1 and version 5.0, that allows for out-of-bounds read attacks. This security weakness can be exploited by an attacker who has local access, creating a potential risk for sensitive information exposure. Proper security updates are essential for users of these products to safeguard against unauthorized information access.

Affected Version(s)

Dell BSAFE Crypto-C Micro Edition 4.0 <= 4.1.5

Dell BSAFE Micro Edition Suite 5.0

Dell BSAFE Micro Edition Suite 4.0 <= 4.6.1

References

https://www.dell.com/support/kbdoc/en-us/000212325/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Mar 10, 2023