CVE-2019-3732Covert Timing Channel in Dell RSA Bsafe Crypto-c Micro Edition

CWE-385Covert Timing ChannelCWE-203Observable Discrepancy3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 45.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Dell RSA Bsafe Crypto-c Micro EditionDell RSA Bsafe MESDell Bsafe Crypto-c-micro-edition+2 more
Timeline
PublishedSep 30
Latest updateMay 24

Description

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

NVDdell/bsafe_micro-edition-suite4.0.04.0.11+2
CVEListV5dell/rsa_bsafe_crypto-c_micro_editionunspecified4.1.4
NVDemc/rsa_bsafe_crypto-c4.14.1.3.3
CVEListV5dell/rsa_bsafe_mesunspecified4.4

🔴Vulnerability Details

2
GHSA
GHSA-4qgj-3gq9-2chf: RSA BSAFE Crypto-C Micro Edition, versions prior to 42022-05-24
CVEList
CVE-2019-3732: RSA BSAFE Crypto-C Micro Edition, versions prior to 42019-09-30
CVE-2019-3732 — Covert Timing Channel in Dell | cvebase