CVE-2020-5360

7.5 HIGH

📋 TL;DR

Dell BSAFE Micro Edition Suite versions before 4.5 contain a buffer under-read vulnerability that allows unauthenticated remote attackers to cause undefined behavior or system crashes. This affects systems using the vulnerable cryptographic library for SSL/TLS or other security functions.

💻 Affected Systems

Products:
  • Dell BSAFE Micro Edition Suite
Versions: All versions prior to 4.5
Operating Systems: All platforms where BSAFE is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any application or system using the vulnerable BSAFE library for cryptographic operations

📦 What is this software?

Dell BSAFE Micro Edition Suite (formerly RSA BSAFE MES) is a cryptographic and SSL/TLS toolkit that other software vendors build into their own products; it is not a stand-alone application. A system is affected when it runs a product that links a vulnerable version of the library.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A buffer under-read is an out-of-bounds read before the start of a buffer, so the realistic worst case is a crash of the process or system that links BSAFE, or undefined behavior in it, which is how the vendor describes the impact. Remote code execution is not the expected outcome of this bug class.

🟠 Likely Case

Denial of service: the application or service performing the SSL/TLS handshake crashes, and an attacker who can reach it can repeat the trigger to keep it down.

🟢 If Mitigated

Limited impact when access to the affected listeners is restricted to trusted sources and crashes are monitored, though a crash is still possible from any peer that can reach the service.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

A buffer under-read reads memory before the start of a buffer. Triggering it requires input shaped to reach the specific code path, and the outcome is typically a crash (or, at most, exposure of adjacent memory) rather than code execution, so it is unlikely to be weaponized for RCE. No public proof of concept is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Download BSAFE Micro Edition Suite 4.5 or later from Dell support (or obtain the corresponding update from the vendor whose product embeds the library).
2. Replace the vulnerable library files.
3. Restart the affected applications or services so they load the new library.
4. Test that SSL/TLS handshakes and other cryptographic operations still succeed.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to the SSL/TLS listeners and other services that use BSAFE to trusted sources only. The bug is reachable without authentication, so reducing who can reach the port is the main lever.

Firewall Rules (all platforms)

Limit which sources may reach the affected services and rate-limit new connections. A packet filter cannot recognize the malformed input that triggers the under-read (it arrives inside the protocol exchange), so this reduces exposure rather than blocking the trigger.

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks
  • Implement monitoring for crash events and abnormal behavior

🔍 How to Verify

Check if Vulnerable:

Determine the BSAFE Micro Edition Suite version linked into each application or system library. Versions before 4.5 are vulnerable. Because BSAFE is embedded in other vendors' products, the version is often not visible as a separate file; check the product vendor's own advisory or release notes for this CVE.

Check Version:

Consult the application's documentation or the vendor's bill of materials, or look for a BSAFE version string in the library or application binary (for example with the strings utility). Compare versions numerically, not as text: 4.10 is newer than 4.5.

Verify Fix Applied:

Confirm the library version is 4.5 or later and test SSL/TLS functionality (a full handshake against the updated service) after the restart.
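The version check above, as an added example (not Dell's tooling or anything from the advisory): a Python script that scans binaries for a BSAFE version marker and compares it numerically against 4.5, so that 4.10 is correctly treated as newer than 4.5 and 4.5.0.1 as fixed. The marker pattern ("BSAFE Micro Edition Suite <version>" or "BSAFE MES v<version>") is an assumption, since the exact string Dell embeds is not documented on this page; adjust it to what strings shows on your own binaries.

```python
import os
import re
import sys
from typing import Iterator, Optional, Tuple

# Per the Dell advisory, 4.5 and later contain the fix.
FIXED_VERSION = (4, 5)

# Assumption: binaries that embed BSAFE carry an ASCII marker such as
# "BSAFE Micro Edition Suite 4.4.0.1" or "BSAFE MES v4.5". The exact string
# Dell embeds is not documented here; adjust the pattern to what the
# strings utility shows for your own binaries.
VERSION_RE = re.compile(
    rb"BSAFE(?:[ _-]?(?:Micro Edition Suite|MES))?[ _v-]*(\d+(?:\.\d+)+)",
    re.IGNORECASE,
)


def parse_version(text: str) -> Tuple[int, ...]:
    """'4.4.0.1' -> (4, 4, 0, 1): numeric tuples compare correctly ('4.10' > '4.5')."""
    return tuple(int(part) for part in text.split("."))


def find_bsafe_version(blob: bytes) -> Optional[Tuple[int, ...]]:
    """Return the first BSAFE version marker found in a byte blob, or None."""
    match = VERSION_RE.search(blob)
    return parse_version(match.group(1).decode("ascii")) if match else None


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True for anything older than 4.5. Tuple comparison treats (4, 5, 0, 1) as >= (4, 5)."""
    return version < FIXED_VERSION


def assess(blob: bytes) -> str:
    """Classify a blob as 'vulnerable', 'fixed' or 'no-marker'."""
    version = find_bsafe_version(blob)
    if version is None:
        return "no-marker"
    return "vulnerable" if is_vulnerable(version) else "fixed"


def scan_tree(root: str) -> Iterator[Tuple[str, Tuple[int, ...], str]]:
    """Walk a directory and yield (path, version, verdict) for regular files carrying a marker."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    blob = fh.read()
            except OSError:
                continue
            version = find_bsafe_version(blob)
            if version is not None:
                yield path, version, assess(blob)


if __name__ == "__main__":
    # Usage: python bsafe_version_scan.py /opt/vendor/product
    for path, version, verdict in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:10s} {'.'.join(map(str, version))}\t{path}")
```

A hit only proves a marker was present; a product whose BSAFE copy is statically linked without a version string will report nothing, which is why the vendor's advisory remains the authoritative check.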

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • SSL/TLS handshake failures
  • Memory access violation errors

Network Indicators:

  • Abnormal SSL/TLS traffic patterns
  • Connection resets during cryptographic operations

SIEM Query:

search 'BSAFE' OR 'cryptographic failure' OR 'memory violation' in application logs

This is a pseudo-query to adapt to your platform. A keyword search on its own is noisy; the stronger signal is a process crash (segfault, core dump) in a TLS-facing service preceded by repeated handshake failures or connection resets from the same peer.
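An added example of the crash-plus-handshake-failure correlation described above (not code from this page or from Dell): it parses syslog-style lines, collapses the kernel and systemd lines of one crash into a single event, and flags peers that had repeated failed handshakes on the same host in the minute before the crash. The log lines, the process name tlsd and the library name libbsafe.so are constructed placeholders, not real Dell artifact names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample: syslog-style lines in the shape a TLS-terminating daemon
# ("tlsd") linked against a library ("libbsafe.so") might emit. Process and
# library names are placeholders, not real Dell artifact names.
SAMPLE_LOG = """\
Jan 14 10:01:58 edge01 tlsd[4120]: TLS handshake from 203.0.113.45:51020 failed: connection reset by peer
Jan 14 10:02:03 edge01 tlsd[4120]: TLS handshake from 203.0.113.45:51021 failed: connection reset by peer
Jan 14 10:02:05 edge01 tlsd[4120]: TLS handshake from 198.51.100.7:40011 completed
Jan 14 10:02:09 edge01 tlsd[4120]: TLS handshake from 203.0.113.45:51022 failed: connection reset by peer
Jan 14 10:02:11 edge01 kernel: tlsd[4120]: segfault at 7f3a1bfff000 ip 00007f3a2a1b4c20 sp 00007ffd3e2a9d40 error 4 in libbsafe.so[7f3a2a190000+c5000]
Jan 14 10:02:12 edge01 systemd[1]: tlsd.service: Main process exited, code=dumped, status=11/SEGV
Jan 14 10:15:40 edge01 tlsd[4355]: TLS handshake from 198.51.100.7:40080 completed
Jan 14 10:20:00 edge02 tlsd[2201]: TLS handshake from 192.0.2.9:6001 failed: connection reset by peer
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# Crash indicators: kernel segfault lines and systemd/coredump exit records.
CRASH_RE = re.compile(r"segfault at|SIGSEGV|status=11/SEGV|code=dumped|general protection", re.I)
# Handshake failures that carry the peer address.
FAIL_RE = re.compile(r"handshake from (?P<peer>\d{1,3}(?:\.\d{1,3}){3}):\d+ failed")

Event = Tuple[datetime, str, str]  # (timestamp, host, message)


def parse_syslog(text: str, year: int = 2020) -> List[Event]:
    """Parse lines into sorted (ts, host, msg) tuples; syslog omits the year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["host"], m["msg"]))
    events.sort()
    return events


def crash_events(events: List[Event], dedupe: timedelta = timedelta(seconds=10)) -> List[Tuple[datetime, str]]:
    """Collapse the burst of kernel + systemd lines from one crash into a single (ts, host) event."""
    crashes = []
    last_per_host: Dict[str, datetime] = {}
    for ts, host, msg in events:
        if not CRASH_RE.search(msg):
            continue
        if host in last_per_host and ts - last_per_host[host] <= dedupe:
            continue  # same crash, reported by another subsystem
        last_per_host[host] = ts
        crashes.append((ts, host))
    return crashes


def correlate(text: str, window: timedelta = timedelta(seconds=60), min_failures: int = 2) -> Dict[Tuple[str, str], List[datetime]]:
    """Map (host, peer) -> crash timestamps for which the peer had at least
    min_failures failed handshakes on that host within `window` before the crash."""
    events = parse_syslog(text)
    suspects: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for crash_ts, host in crash_events(events):
        counts: Dict[str, int] = defaultdict(int)
        for ts, h, msg in events:
            if h != host or not (crash_ts - window <= ts <= crash_ts):
                continue
            f = FAIL_RE.search(msg)
            if f:
                counts[f["peer"]] += 1
        for peer, n in counts.items():
            if n >= min_failures:
                suspects[(host, peer)].append(crash_ts)
    return dict(suspects)


if __name__ == "__main__":
    for (host, peer), crashes in correlate(SAMPLE_LOG).items():
        when = ", ".join(c.strftime("%H:%M:%S") for c in crashes)
        print(f"{host}: crash at {when} preceded by repeated handshake failures from {peer}")
```

On the sample, only edge01 is flagged, attributed to 203.0.113.45; the lone failure from 192.0.2.9 on edge02 never coincides with a crash and is ignored. Tune the window and threshold to your service's normal failure rate, and feed the result into the same alert that tracks service restarts.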
