Dell BSAFE Crypto-J/BSAFE SSL-J reliance on component that is not updateable

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.6 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical was found in Dell BSAFE Crypto-J and BSAFE SSL-J. The affected function is unknown. The issue is a reliance on a component that is not updateable, and it is tracked as CVE-2022-34381. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
Details
A vulnerability classified as critical was found in Dell BSAFE Crypto-J and BSAFE SSL-J (the affected version is unknown). The affected code is unknown. Manipulation with an unknown input leads to a reliance on a component that is not updateable. CWE classifies the issue as CWE-1329: the product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs. This impacts confidentiality, integrity, and availability. The CVE summary reads:
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.
The weakness was disclosed on 02/02/2024 as dsa-2022-208. The advisory is available for download at dell.com. The vulnerability has been tracked as CVE-2022-34381 since 06/23/2022. Neither technical details nor an exploit are publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 209256 (Oracle Enterprise Manager Cloud Control (October 2024 CPU)), which helps to determine the existence of the flaw in a target environment.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (209256).
Product
- Vendor: https://www.dell.com/
CVSSv3
VulDB Meta Base Score: 8.7
VulDB Meta Temp Score: 8.6
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
NVD Base Score: 9.8
CNA Base Score: 9.1
Exploiting
Class: Reliance on component that is not updateable
CWE: CWE-1329
Physical: No
Local: No
Remote: Yes
Status: Not defined
Nessus ID: 209256
Nessus Name: Oracle Enterprise Manager Cloud Control (October 2024 CPU)
Countermeasures
Recommended: Upgrade
Timeline
06/23/2022
02/02/2024
02/02/2024
10/18/2024
Sources
Vendor: dell.com
Advisory: dsa-2022-208
Status: Confirmed
CVE: CVE-2022-34381
GCVE (CVE): GCVE-0-2022-34381
GCVE (VulDB): GCVE-100-252732
Entry
Created: 02/02/2024 17:49
Updated: 10/18/2024 03:26
Changes: 02/02/2024 17:49 (47), 02/25/2024 09:55 (11), 10/18/2024 03:26 (16)