ID

VAR-202202-1599


CVE

CVE-2022-24409


TITLE

Dell BSAFE SSL-J  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005987

DESCRIPTION

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date. Dell BSAFE SSL-J Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-24409 // JVNDB: JVNDB-2022-005987 // VULHUB: VHN-414156

AFFECTED PRODUCTS

vendor:dellmodel:bsafe ssl-jscope:gteversion:6.1.0

Trust: 1.0

vendor:dellmodel:bsafe ssl-jscope:ltversion:6.4

Trust: 1.0

vendor:デルmodel:bsafe ssl-jscope: - version: -

Trust: 0.8

vendor:デルmodel:bsafe ssl-jscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005987 // NVD: CVE-2022-24409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24409
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-24409
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-24409
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202202-1801
value: HIGH

Trust: 0.6

VULHUB: VHN-414156
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-24409
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-414156
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-24409
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-24409
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-24409
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-414156 // JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801 // NVD: CVE-2022-24409 // NVD: CVE-2022-24409

PROBLEMTYPE DATA

problemtype:CWE-385

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005987 // NVD: CVE-2022-24409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1801

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-1801

PATCH

title:DSA-2022-023url:https://www.dell.com/support/kbdoc/ja-jp/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel

Trust: 0.8

title:RSA BSAFE SSL-J Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=184518

Trust: 0.6

sources: JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801

EXTERNAL IDS

db:NVDid:CVE-2022-24409

Trust: 3.3

db:JVNDBid:JVNDB-2022-005987

Trust: 0.8

db:CNNVDid:CNNVD-202202-1801

Trust: 0.6

db:VULHUBid:VHN-414156

Trust: 0.1

sources: VULHUB: VHN-414156 // JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801 // NVD: CVE-2022-24409

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-24409

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-24409/

Trust: 0.6

sources: VULHUB: VHN-414156 // JVNDB: JVNDB-2022-005987 // CNNVD: CNNVD-202202-1801 // NVD: CVE-2022-24409

SOURCES

db:VULHUBid:VHN-414156
db:JVNDBid:JVNDB-2022-005987
db:CNNVDid:CNNVD-202202-1801
db:NVDid:CVE-2022-24409

LAST UPDATE DATE

2024-08-14T15:11:35.946000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-414156date:2022-09-30T00:00:00
db:JVNDBid:JVNDB-2022-005987date:2023-06-22T03:13:00
db:CNNVDid:CNNVD-202202-1801date:2022-10-08T00:00:00
db:NVDid:CVE-2022-24409date:2022-09-30T02:39:41.760

SOURCES RELEASE DATE

db:VULHUBid:VHN-414156date:2022-02-23T00:00:00
db:JVNDBid:JVNDB-2022-005987date:2023-06-22T00:00:00
db:CNNVDid:CNNVD-202202-1801date:2022-02-23T00:00:00
db:NVDid:CVE-2022-24409date:2022-02-23T22:15:07.647