Lucene search

MitreCVE-2017-16560

HistoryNov 16, 2017 - 3:29 p.m.

CVE-2017-16560

2017-11-1615:29:00

CWE-922

mitre

web.nvd.nist.gov

sandisk

secure access

3.01

vault

vulnerability

decrypted files

temp folder

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

12.6%

JSON

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.

Affected configurations

Nvd

Node

sandisksecureaccessMatch3.01

VendorProductVersionCPE
sandisksecureaccess3.01cpe:2.3:a:sandisk:secureaccess:3.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sandisk	secureaccess	3.01	cpe:2.3:a:sandisk:secureaccess:3.01:::::::*

References

medium.com/%40esterling_/cve-2017-16560-sandisk-secure-access-leaves-plain-text-copies-of-files-on-disk-4eabeca6bdbc

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2017-16560