CVE-2020-35168 : Security Advisory and Response
Learn about CVE-2020-35168, an Observable Timing Discrepancy Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite. Find mitigation steps and impact details.
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Understanding CVE-2020-35168
This CVE involves a vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite.
What is CVE-2020-35168?
CVE-2020-35168 is an Observable Timing Discrepancy Vulnerability found in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite.
The Impact of CVE-2020-35168
- CVSS Base Score: 4.7 (Medium Severity)
- Attack Complexity: High
- Attack Vector: Local
- Confidentiality Impact: High
- Privileges Required: Low
- This vulnerability does not impact availability.
Technical Details of CVE-2020-35168
This section provides more technical insights into the CVE.
Vulnerability Description
The vulnerability involves an Observable Timing Discrepancy in the affected Dell products.
Affected Systems and Versions
- Affected Product: Dell BSAFE Crypto-C Micro Edition
- Vendor: Dell
- Versions Affected: Before 4.1.5
- Affected Product: Dell BSAFE Micro Edition Suite
- Vendor: Dell
- Versions Affected: Before 4.6
Exploitation Mechanism
The vulnerability can be exploited locally with low privileges, impacting confidentiality.
Mitigation and Prevention
Protect your systems from CVE-2020-35168 with these mitigation strategies.
Immediate Steps to Take
- Update affected Dell products to versions 4.1.5 and 4.6 or higher.
- Monitor for any unusual activities on the systems.
Long-Term Security Practices
- Regularly update and patch software to prevent vulnerabilities.
- Implement encryption mechanisms to safeguard sensitive data.
Patching and Updates
- Stay informed about security alerts and updates from Dell and other relevant sources.