Details of VAR-202202-1599

ID

VAR-202202-1599

CVE

CVE-2022-24409

TITLE

Dell BSAFE SSL-J Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005987

DESCRIPTION

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date. Dell BSAFE SSL-J Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-24409 // JVNDB: JVNDB-2022-005987 // VULHUB: VHN-414156

AFFECTED PRODUCTS

vendor:	dell	model:	bsafe ssl-j	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	dell	model:	bsafe ssl-j	scope:	lt	version:	6.4	Trust: 1.0
vendor:	デル	model:	bsafe ssl-j	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	bsafe ssl-j	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005987 // NVD: CVE-2022-24409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24409
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-24409
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-24409
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202202-1801
value:	HIGH
Trust: 0.6
VULHUB:	VHN-414156
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-24409
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-414156
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-24409
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-24409
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24409
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-414156 // JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801 // NVD: CVE-2022-24409 // NVD: CVE-2022-24409

PROBLEMTYPE DATA

problemtype:	CWE-385	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-005987 // NVD: CVE-2022-24409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1801

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-1801

PATCH

title:	DSA-2022-023	url:	https://www.dell.com/support/kbdoc/ja-jp/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel	Trust: 0.8
title:	RSA BSAFE SSL-J Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=184518	Trust: 0.6

sources: JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24409	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-005987	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-1801	Trust: 0.6
db:	VULHUB	id:	VHN-414156	Trust: 0.1

sources: VULHUB: VHN-414156 // JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801 // NVD: CVE-2022-24409

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24409	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-24409/	Trust: 0.6

sources: VULHUB: VHN-414156 // JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801 // NVD: CVE-2022-24409

SOURCES

db:	VULHUB	id:	VHN-414156
db:	JVNDB	id:	JVNDB-2022-005987
db:	CNNVD	id:	CNNVD-202202-1801
db:	NVD	id:	CVE-2022-24409

LAST UPDATE DATE

2024-08-14T15:11:35.946000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-414156	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-005987	date:	2023-06-22T03:13:00
db:	CNNVD	id:	CNNVD-202202-1801	date:	2022-10-08T00:00:00
db:	NVD	id:	CVE-2022-24409	date:	2022-09-30T02:39:41.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-414156	date:	2022-02-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-005987	date:	2023-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202202-1801	date:	2022-02-23T00:00:00
db:	NVD	id:	CVE-2022-24409	date:	2022-02-23T22:15:07.647