CVE-2020-29505 in Dell and Oracle Products
Published on July 11, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.

NVD

Vulnerability Analysis

CVE-2020-29505 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Insufficient Entropy

The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Products Associated with CVE-2020-29505

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-29505 are published in these products:

Dell Bsafe Micro Edition Suite

Dell Bsafe Crypto C Micro Edition

Oracle Retail Customer Insights

Affected Versions

Dell BSAFE Crypto-C Micro Edition:

Version unspecified and below 4.1.5 and 4.6 is affected.

Exploit Probability

EPSS

0.48%

Percentile

64.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.